Class DataSourceEncryptedDataHandler
java.lang.Object
org.elasticsearch.xpack.esql.datasources.DataSourceEncryptedDataHandler
- All Implemented Interfaces:
EncryptedDataHandler<DataSourceMetadata>
public final class DataSourceEncryptedDataHandler
extends Object
implements EncryptedDataHandler<DataSourceMetadata>
Re-encrypts every stored data-source secret under the active project encryption key on rotation —
without it, retiring a key would strand secrets undecryptable. Driven by the rotation coordinator for
the
DataSourceMetadata custom; contributed via EsqlEncryptedDataHandlerProvider. The
payload is an opaque writeGenericValue blob, preserved verbatim — only the wrapping key changes.-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptiononDestructiveReset(DataSourceMetadata current) On destructive reset, wipe only the encrypted credential values while preserving the rest of each data source's configuration (name, type, description, non-secret settings).reEncrypt(DataSourceMetadata current, EncryptionService encryptionService, String activeKeyId)
-
Constructor Details
-
DataSourceEncryptedDataHandler
public DataSourceEncryptedDataHandler()
-
-
Method Details
-
customName
- Specified by:
customNamein interfaceEncryptedDataHandler<DataSourceMetadata>
-
onDestructiveReset
On destructive reset, wipe only the encrypted credential values while preserving the rest of each data source's configuration (name, type, description, non-secret settings). Users will seenullfor credentials in the API and need only re-provision those — not recreate the entire data source from scratch.- Specified by:
onDestructiveResetin interfaceEncryptedDataHandler<DataSourceMetadata>
-
reEncrypt
public DataSourceMetadata reEncrypt(DataSourceMetadata current, EncryptionService encryptionService, String activeKeyId) - Specified by:
reEncryptin interfaceEncryptedDataHandler<DataSourceMetadata>
-