data_encryption_keys
Creates, updates, deletes, gets or lists a data_encryption_keys resource.
Overview
| Name | data_encryption_keys |
| Type | Resource |
| Id | confluent.encryption_keys.data_encryption_keys |
Fields
The following fields are returned by SELECT queries:
- get_dek
- get_dek_subjects
get_dek: The dek info
| Name | Datatype | Description |
|---|---|---|
| algorithm | string | Algorithm of the dek (AES128_GCM, AES256_GCM, AES256_SIV) |
| deleted | boolean | Whether the dek is deleted |
| encryptedKeyMaterial | string | Encrypted key material of the dek |
| kekName | string | Kek name of the dek |
| keyMaterial | string | Raw key material of the dek |
| subject | string | Subject of the dek |
| ts | integer (int64) | Timestamp of the dek |
| version | integer (int32) | Version of the dek |
get_dek_subjects: List of dek subjects
| Name | Datatype | Description |
|---|---|---|
| dek_subject | string | |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| get_dek | select | name, subject | algorithm, deleted | |
| get_dek_subjects | select | name | deleted, offset, limit | |
| create_dek | insert | name | | |
| delete_dek_versions | delete | name, subject | algorithm, permanent | |
| undelete_dek_versions | exec | name, subject | algorithm | |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| name | string | Name of the kek |
| subject | string | Subject of the dek |
| algorithm | string | Algorithm of the dek |
| deleted | boolean | Whether to include deleted keys |
| limit | integer | Pagination size for results. Ignored if negative |
| offset | integer | Pagination offset for results |
| permanent | boolean | Whether to perform a permanent delete |
SELECT examples
- get_dek
- get_dek_subjects
get_dek: The dek info
SELECT
algorithm,
deleted,
encryptedKeyMaterial,
kekName,
keyMaterial,
subject,
ts,
version
FROM confluent.encryption_keys.data_encryption_keys
WHERE name = '{{ name }}' -- required
AND subject = '{{ subject }}' -- required
AND algorithm = '{{ algorithm }}'
AND deleted = '{{ deleted }}'
;
get_dek_subjects: List of dek subjects
SELECT
dek_subject
FROM confluent.encryption_keys.data_encryption_keys
WHERE name = '{{ name }}' -- required
AND deleted = '{{ deleted }}'
AND offset = '{{ offset }}'
AND limit = '{{ limit }}'
;
INSERT examples
- create_dek
- Manifest
create_dek: No description available.
INSERT INTO confluent.encryption_keys.data_encryption_keys (
subject,
version,
algorithm,
encryptedKeyMaterial,
deleted,
name
)
SELECT
'{{ subject }}',
{{ version }},
'{{ algorithm }}',
'{{ encryptedKeyMaterial }}',
{{ deleted }},
'{{ name }}'
RETURNING
algorithm,
deleted,
encryptedKeyMaterial,
kekName,
keyMaterial,
subject,
ts,
version
;
Manifest:
# Description fields are for documentation purposes
- name: data_encryption_keys
  props:
    - name: name
      value: "{{ name }}"
      description: Required parameter for the data_encryption_keys resource.
    - name: subject
      value: "{{ subject }}"
      description: |
        Subject of the dek
    - name: version
      value: {{ version }}
      description: |
        Version of the dek
    - name: algorithm
      value: "{{ algorithm }}"
      description: |
        Algorithm of the dek
      valid_values: ['AES128_GCM', 'AES256_GCM', 'AES256_SIV']
    - name: encryptedKeyMaterial
      value: "{{ encryptedKeyMaterial }}"
      description: |
        Encrypted key material of the dek
    - name: deleted
      value: {{ deleted }}
      description: |
        Whether the dek is deleted
DELETE examples
- delete_dek_versions
No description available.
DELETE FROM confluent.encryption_keys.data_encryption_keys
WHERE name = '{{ name }}' --required
AND subject = '{{ subject }}' --required
AND algorithm = '{{ algorithm }}'
AND permanent = '{{ permanent }}'
;
Lifecycle Methods
- undelete_dek_versions
No Content
EXEC confluent.encryption_keys.data_encryption_keys.undelete_dek_versions
@name='{{ name }}', --required
@subject='{{ subject }}', --required
@algorithm='{{ algorithm }}'
;