Feature: Application-Layer Encryption of Snapshot State

[c247t]

Requirement
In my current project, we keep sensitive data confidential by means of application-layer encryption. We evaluated JaVers for a changelog-like functionality, and it works like a charm, thank you very much! The only missing link was a catch-all kind of callback for us to provide the same level of confidentiality for the changelog as for the live data, ideally by using the very same implementation.

Working towards a solution
First we looked into TypeAdapters, but for those to work out we'd have to ensure that all fields in all entities would be covered at all times. Neither did the GSON Adapter for CdoSnapshotState feel like the proper spot to inject an optional conversion layer. Hence I chose to augment the SnapshotQuery and SnapshotRepository with an interface allowing to supply a symmetrical String-to-String codec, the provided default implementation of which is a no-op. The entire setup of the cryptographic engine is up to the integrator, i.e. there is no dependency or complexity per se added to JaVers.

Limitations
So far, we only took care of the SQL repository, which is what we're using. If the approach is deemed feasible for upstreaming, an equivalent for the Mongo repository should not be too difficult to provide.

Pull request is in the making, for your consideration.

[bartoszwalacik]

@c247t thanks for the well thought issue. The provided PR LGTM. Please consider adding a test case.

[kelunik]

This can be closed, as this has been included in 6.12. 🎉

[bartoszwalacik]

released in 6.12, thanks @c247t @kelunik