@confluentinc/schemaregistry
Version:
Node.js client for Confluent Schema Registry
38 lines (37 loc) • 1.51 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.AwsKmsClient = void 0;
const aws_driver_1 = require("./aws-driver");
const client_kms_1 = require("@aws-sdk/client-kms");
class AwsKmsClient {
constructor(keyUri, creds) {
if (!keyUri.startsWith(aws_driver_1.AwsKmsDriver.PREFIX)) {
throw new Error(`key uri must start with ${aws_driver_1.AwsKmsDriver.PREFIX}`);
}
this.keyUri = keyUri;
this.keyId = keyUri.substring(aws_driver_1.AwsKmsDriver.PREFIX.length);
const tokens = this.keyId.split(':');
if (tokens.length < 4) {
throw new Error(`invalid key uri ${this.keyId}`);
}
const regionName = tokens[3];
this.kmsClient = new client_kms_1.KMSClient({
region: regionName,
...creds && { credentials: creds }
});
}
supported(keyUri) {
return this.keyUri === keyUri;
}
async encrypt(plaintext) {
const encryptCommand = new client_kms_1.EncryptCommand({ KeyId: this.keyId, Plaintext: plaintext });
const data = await this.kmsClient.send(encryptCommand);
return Buffer.from(data.CiphertextBlob);
}
async decrypt(ciphertext) {
const decryptCommand = new client_kms_1.DecryptCommand({ KeyId: this.keyId, CiphertextBlob: ciphertext });
const data = await this.kmsClient.send(decryptCommand);
return Buffer.from(data.Plaintext);
}
}
exports.AwsKmsClient = AwsKmsClient;