public interface EncryptionManager
extends java.io.Serializable
This must be serializable because an instance may be instantiated in one place and sent across the wire in some Iceberg integrations, notably Spark.
Modifier and Type | Method and Description |
---|---|
InputFile |
decrypt(EncryptedInputFile encrypted)
Given an
EncryptedInputFile.encryptedInputFile() representing the raw encrypted bytes
from the underlying file system, and given metadata about how the file was encrypted via EncryptedInputFile.keyMetadata() , return an InputFile that returns decrypted input
streams. |
default java.lang.Iterable<InputFile> |
decrypt(java.lang.Iterable<EncryptedInputFile> encrypted)
Variant of
decrypt(EncryptedInputFile) that provides a sequence of files that all need
to be decrypted in a single context. |
default java.lang.Iterable<EncryptedOutputFile> |
encrypt(java.lang.Iterable<OutputFile> rawOutput)
Variant of
encrypt(OutputFile) that provides a sequence of files that all need to be
encrypted in a single context. |
EncryptedOutputFile |
encrypt(OutputFile rawOutput)
Given a handle on an
OutputFile that writes raw bytes to the underlying file system,
return a bundle of an EncryptedOutputFile.encryptingOutputFile() that writes encrypted
bytes to the underlying file system, and the EncryptedOutputFile.keyMetadata() that
points to the encryption key that is being used to encrypt this file. |
InputFile decrypt(EncryptedInputFile encrypted)
EncryptedInputFile.encryptedInputFile()
representing the raw encrypted bytes
from the underlying file system, and given metadata about how the file was encrypted via EncryptedInputFile.keyMetadata()
, return an InputFile
that returns decrypted input
streams.default java.lang.Iterable<InputFile> decrypt(java.lang.Iterable<EncryptedInputFile> encrypted)
decrypt(EncryptedInputFile)
that provides a sequence of files that all need
to be decrypted in a single context.
By default this calls the single-file decryption method for each element in the iterator. Implementations can override this for a variety of optimizations. For example, an implementation can perform lookahead on the input iterator and fetch encryption keys in batch.
EncryptedOutputFile encrypt(OutputFile rawOutput)
OutputFile
that writes raw bytes to the underlying file system,
return a bundle of an EncryptedOutputFile.encryptingOutputFile()
that writes encrypted
bytes to the underlying file system, and the EncryptedOutputFile.keyMetadata()
that
points to the encryption key that is being used to encrypt this file.default java.lang.Iterable<EncryptedOutputFile> encrypt(java.lang.Iterable<OutputFile> rawOutput)
encrypt(OutputFile)
that provides a sequence of files that all need to be
encrypted in a single context.
By default this calls the single-file encryption method for each element in the iterator. Implementations can override this for a variety of optimizations. For example, an implementation can perform lookahead on the input iterator and fetch encryption keys in batch.