
everest-engineering/axon-crypto-shredding-extension


Crypto shredding extension for Axon


This is a standalone library as well as a supporting repository for Lhotse, a starter kit for writing event sourced web applications following domain driven design principles.

This library implements crypto shredding for the Axon event log and saga store. Crypto shredding is a technique for disabling access to sensitive information by discarding the encryption keys that protect it: the encrypted data stays where it is, but can no longer be read. You might use this at the behest of a user, or when retention is no longer justified, in order to comply with the European Union's General Data Protection Regulation (GDPR) without compromising the append-only nature of your event log.

How it works

The extension wraps the existing Axon serializers and intercepts fields annotated with @EncryptedField, encrypting them with symmetric keys that are generated on demand and stored alongside the Axon event log and saga store. The key to use is identified via the @EncryptionKeyIdentifier annotation. This annotation accepts an optional keyType parameter that is used to differentiate between identifiers when key uniqueness cannot be globally guaranteed (such as when two entity types both use monotonically increasing integers as identifiers).

A 256-bit AES (symmetric) key is generated for each {identifier, keyType} tuple. Each field annotated with @EncryptedField is encrypted using an initialisation vector unique to that field, so two fields encrypted under the same key never share an IV. This initialisation vector is stored as part of the serialised field payload.

Multiple @EncryptionKeyIdentifier annotations can be used per payload. These keys are mapped to specific fields via tags. This allows, for example, an event that contains the PII of two subjects to be encrypted using different encryption keys owned by the respective subjects.

Shredding data

The CryptoShreddingKeyService's deleteSecretKey method should be called to discard a secret key; the encryption key table should not be modified directly. Bear in mind that a copy of the key held in a database backup or replica taken before deletion can still decrypt the field, so the retention of such backups forms part of the shredding guarantee.

Once a key has been discarded, deserialisation will return the affected fields populated with the default value for the field's data type rather than failing.

Projections can be cleaned up through event handlers that perform an appropriate action -- delete or scrub -- given your domain.

Aggregate snapshots may need to be dropped and saga lifecycles may need to be completed.
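The mechanism described under "How it works" and "Shredding data", reduced to a stand-alone illustration: one AES-256 key per {identifier, keyType} tuple, a fresh IV per encrypted field stored with the ciphertext, and deserialisation falling back to a default value once the key has been deleted. This is added example code and is not part of the extension; the class and method names (ShreddingKeyStore, encryptField, decryptField, its deleteSecretKey), the choice of AES-256-GCM with a 12-byte IV prepended to a Base64 payload, and the sample data are all assumptions made for the demo and need not match the library's internal format.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/**
 * Added illustration of crypto shredding. NOT the extension's own code: every name,
 * the payload layout and the sample data below are assumptions chosen for the demo.
 */
public class CryptoShreddingDemo {

    /** One AES-256 key per {identifier, keyType} tuple; deleting the key is the shredding step. */
    static final class ShreddingKeyStore {
        private final Map<String, SecretKey> keys = new HashMap<>();
        private final KeyGenerator generator;

        ShreddingKeyStore() throws Exception {
            generator = KeyGenerator.getInstance("AES");
            generator.init(256);
        }

        // keyType disambiguates identifiers that are not globally unique
        private static String keyId(String keyType, String identifier) {
            return keyType + ":" + identifier;
        }

        /** Returns the existing key or generates one on first use. */
        synchronized SecretKey getOrCreate(String keyType, String identifier) {
            return keys.computeIfAbsent(keyId(keyType, identifier), k -> generator.generateKey());
        }

        synchronized Optional<SecretKey> find(String keyType, String identifier) {
            return Optional.ofNullable(keys.get(keyId(keyType, identifier)));
        }

        /** Shredding: the ciphertext stays in the log, but without the key it is unrecoverable. */
        synchronized void deleteSecretKey(String keyType, String identifier) {
            keys.remove(keyId(keyType, identifier));
        }
    }

    static final SecureRandom RANDOM = new SecureRandom();
    static final int IV_BYTES = 12;   // recommended GCM nonce length
    static final int TAG_BITS = 128;

    /** Encrypts one field under a fresh random IV; the IV is prepended to the ciphertext. */
    static String encryptField(SecretKey key, String plaintext) throws Exception {
        byte[] iv = new byte[IV_BYTES];
        RANDOM.nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] payload = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, payload, 0, iv.length);
        System.arraycopy(ct, 0, payload, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(payload);
    }

    /** Decrypts a field; a missing (shredded) key yields the caller's default value instead of an error. */
    static String decryptField(Optional<SecretKey> key, String payloadB64, String defaultValue) throws Exception {
        if (key.isEmpty()) {
            return defaultValue;
        }
        byte[] payload = Base64.getDecoder().decode(payloadB64);
        byte[] iv = Arrays.copyOfRange(payload, 0, IV_BYTES);
        byte[] ct = Arrays.copyOfRange(payload, IV_BYTES, payload.length);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key.get(), new GCMParameterSpec(TAG_BITS, iv));
        return new String(cipher.doFinal(ct), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        ShreddingKeyStore store = new ShreddingKeyStore();

        // Constructed sample: one event carrying PII of two subjects whose raw identifiers
        // collide ("42"), kept apart by keyType so each subject gets its own key.
        SecretKey customerKey = store.getOrCreate("customer", "42");
        SecretKey agentKey = store.getOrCreate("agent", "42");
        String storedEmail = encryptField(customerKey, "alice@example.com");
        String storedAgentName = encryptField(agentKey, "Bob");

        // Readable while the customer's key exists
        System.out.println(decryptField(store.find("customer", "42"), storedEmail, ""));

        // The customer's erasure request: discard only their key
        store.deleteSecretKey("customer", "42");

        // Same stored payload now deserialises to the default value (empty string)
        System.out.println(decryptField(store.find("customer", "42"), storedEmail, ""));

        // The agent's field, encrypted under a different key, is unaffected
        System.out.println(decryptField(store.find("agent", "42"), storedAgentName, ""));
    }
}
```

Run it with `java CryptoShreddingDemo.java` (Java 11 or later, single-file launch). Note that GCM authenticates the ciphertext, so a tampered payload fails to decrypt loudly rather than silently yielding garbage; the default-value path is taken only when the key is genuinely absent.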

Caveat

This library (or a similar implementation) is required to deserialise annotated events once encryption has been applied. It is not sufficient to remove this library as a dependency as the underlying data types in the serialised form do not align with the types declared for an event or saga.

Installation

Maven:

<dependency>
  <groupId>engineering.everest.axon</groupId>
  <artifactId>crypto-shredding-extension</artifactId>
  <version>${version}</version>
</dependency>

Gradle:

implementation "engineering.everest.axon:crypto-shredding-extension:${version}"

Then wire the extension into your application:

  1. Provide an implementation of SecretKeyRepository to persist the secret keys. A default implementation, DefaultSecretKeyRepository, is provided.
  2. Configure your event serializer to be wrapped by the crypto-shredding serializer:
import com.fasterxml.jackson.databind.ObjectMapper;
import org.axonframework.serialization.json.JacksonSerializer;
import org.springframework.context.annotation.Bean;
// plus the extension's own classes: CryptoShreddingSerializer, CryptoShreddingKeyService,
// EncrypterDecrypterFactory, DefaultValueProvider and KeyIdentifierToStringConverter

@Bean
public CryptoShreddingSerializer eventSerializer(CryptoShreddingKeyService cryptoShreddingKeyService,
                                                 EncrypterDecrypterFactory aesEncrypterDecrypterFactory,
                                                 DefaultValueProvider defaultValueProvider,
                                                 KeyIdentifierToStringConverter keyIdentifierToStringConverter) {
    // The delegate serializer (here Axon's default JacksonSerializer) handles the ordinary payload;
    // the wrapper encrypts and decrypts the @EncryptedField fields around it.
    return new CryptoShreddingSerializer(JacksonSerializer.defaultSerializer(), cryptoShreddingKeyService,
            aesEncrypterDecrypterFactory, new ObjectMapper(), defaultValueProvider, keyIdentifierToStringConverter);
}

License

License: EverestEngineering

Talk to us hi@everest.engineering.