scylladb/ent/encryption/kmip_host.hh
Calle Wilund 723518c390 EAR: port the ear feature from enterprise
Bulk transfer of EAR functionality. Includes all providers etc.
Could maybe break up into smaller blocks, but once it gets down to
the core of it, would require messing with code instead of just moving.
So this is it.

Note: KMIP support is disabled unless you happen to have the kmipc
SDK in your scylla dir.

Adds optional encryption of sstables and commitlog, using block
level file encryption. Keys can be sourced from several providers,
such as local files or popular KMS systems.
2025-01-09 10:37:26 +00:00


/*
* Copyright (C) 2018 ScyllaDB
*
*/
/*
* SPDX-License-Identifier: LicenseRef-ScyllaDB-Source-Available-1.0
*/
#pragma once
#include <chrono>
#include <cstddef>
#include <iosfwd>
#include <memory>
#include <optional>
#include <tuple>
#include <unordered_map>
#include <vector>
#include <fmt/core.h>
#include <fmt/ostream.h>
#include <seastar/core/future.hh>
#include <seastar/core/sstring.hh>
#include <seastar/core/shared_ptr.hh>
#include "../../bytes.hh"
#include "symmetric_key.hh"
namespace encryption {
// Forward declarations: this header only names these types by reference,
// pointer or shared_ptr, so their full definitions are not needed here.
// (symmetric_key is presumably already declared by the symmetric_key.hh
// include above; the forward declaration is redundant but harmless.)
class symmetric_key;
class encryption_context;
struct key_info;
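/**
 * Handle to one named KMIP key-management endpoint (a list of hosts is
 * accepted; how they are used - failover, pooling - is not visible here).
 * Used to fetch or create the symmetric keys that back file-level encryption.
 *
 * The implementation is hidden behind a pimpl (`impl`), so callers only see
 * the declarations below. A kmip_host owns its implementation exclusively:
 * copying is deleted (it already was, implicitly, through the unique_ptr
 * member - now spelled out), and because the destructor is user-declared no
 * implicit move operations are generated either.
 *
 * Expected use is connect() -> key requests -> disconnect(); whether the
 * implementation enforces that ordering is not visible in this header.
 */
class kmip_host {
public:
    /**
     * Connection settings for a KMIP endpoint.
     *
     * Security note: `password` and `keyfile` are credential material held in
     * plain strings, and this aggregate is freely copyable, so every copy
     * duplicates them. Do not log or print it as a whole (no operator<< is
     * declared for it in this header; keep it that way or redact) and keep it
     * out of error messages.
     */
    struct host_options {
        /// KMIP server addresses. Exact syntax (host vs host:port) - TODO confirm against the parser.
        std::vector<sstring> hosts;
        sstring username;          ///< login credential (secret)
        sstring password;          ///< login credential (secret)
        sstring certfile;          ///< client certificate, presumably a path used for TLS client auth
        sstring keyfile;           ///< client private key, presumably a path (secret)
        sstring truststore;        ///< CA material used to validate the server, presumably a path
        sstring priority_string;   ///< TLS priority/cipher string; presumably GnuTLS syntax - TODO confirm
        /// Cached key lifetime. Unset means "implementation default" (value not visible here).
        std::optional<std::chrono::milliseconds> key_cache_expiry;
        /// Cached key refresh interval. Unset means "implementation default".
        std::optional<std::chrono::milliseconds> key_cache_refresh;
        /// Connection pool cap per host. Unset means "implementation default".
        std::optional<size_t> max_pooled_connections_per_host;
        /// Retry budget per KMIP command. Unset means "implementation default".
        std::optional<size_t> max_command_retries;
    };

    /// Per-request options for key creation/lookup.
    struct key_options {
        sstring template_name;   ///< server-side template, presumably used when creating a key
        sstring key_namespace;   ///< namespace the key lives in, presumably server-side
    };

    /// Key identifier as handed out by the server, kept as raw bytes.
    using id_type = bytes;

    /// Construct a host called `name` from explicit options.
    kmip_host(encryption_context&, const sstring& name, const host_options&);
    /// Construct a host called `name` from string key/value pairs (presumably
    /// configuration entries that are parsed into host_options).
    kmip_host(encryption_context&, const sstring& name, const std::unordered_map<sstring, sstring>&);
    ~kmip_host();

    // Exclusive ownership of _impl. Copying was already implicitly deleted by
    // the unique_ptr member; making it explicit documents the intent.
    kmip_host(const kmip_host&) = delete;
    kmip_host& operator=(const kmip_host&) = delete;

    future<> connect();
    future<> disconnect();

    /// Return a key matching `key_info`, creating one on the server if needed
    /// (per the name), together with its server-side id.
    future<std::tuple<shared_ptr<symmetric_key>, id_type>> get_or_create_key(const key_info&, const key_options& = {});
    /// Fetch a key by its server-side id. What the optional key_info is used
    /// for (validation of the returned key?) is not visible here - TODO confirm.
    future<shared_ptr<symmetric_key>> get_key_by_id(const id_type&, std::optional<key_info> = std::nullopt);
    /** for system key(s): fetch a key by its server-side name. */
    future<shared_ptr<symmetric_key>> get_key_by_name(const sstring&);
private:
    class impl;
    std::unique_ptr<impl> _impl;   ///< pimpl; `impl` must be complete where ~kmip_host is defined
};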
// Stream printer for key_options only. No equivalent is declared for
// host_options, which carries username/password/keyfile; do not add one
// without redacting those fields.
std::ostream& operator<<(std::ostream&, const kmip_host::key_options&);
}
// Lets fmt format key_options by routing through the operator<< declared above.
template <> struct fmt::formatter<encryption::kmip_host::key_options> : fmt::ostream_formatter {};