Decrypt the given payload with the key identified by dataSubjectId.
Decrypt the given payload with the key identified by dataSubjectId.
The key will be retrieved using the KeyManagement
None if the key has been deleted
Encrypt the given payload with the key identified by dataSubjectId.
Encrypt the given payload with the key identified by dataSubjectId.
The key will be either created or retrieved using the KeyManagement
A KeyManagement for creating and retrieving keys.
A KeyManagement for creating and retrieving keys.
The SecureRandom
that is used for the initialization vectors of the encryption.
The SecureRandom
that is used for the initialization vectors of the encryption.
Subclass may override to define another implementation than the default.
Remove the key identified by dataSubjectId from KeyManagement.
Remove the key identified by dataSubjectId from KeyManagement.
Implementation of
GdprEncryption
that has support for PKCS12 and JCEKS keystores.Not intended for production use other than possibly for single node applications as it saves to a local file so won't be available for all other nodes in the cluster. If your application is distributed you'll need to create a
KeyManagement
implementation for your distributed secret store e.g. Vault and use that with AbstractGdprEncryption.The Java Keystore API is blocking so it's important to use this from a dedicated dispatcher.
It can be enabled in configuration with:
akka.persistence.gdpr.encryption-provider = "akka.persistence.gdpr.jca-provider"