Kong · Schema
Encrypt Parsed Record
Encrypts fields of parsed Kafka records using AES_256_GCM. Keys are therefore 256 bits long. Note this policy can only be used as a child of a `EventGatewayProduceSchemaValidationPolicy` policy.
API GatewayAI GatewayAI ConnectivityAgent GatewayEvent GatewayMCP RegistryService MeshLLMKafkaKonnectOpen Source
Properties
| Name | Type | Description |
|---|---|---|
| type | string | The type name of the policy. |
| name | string | A unique user-defined name of the policy. |
| description | string | A human-readable description of the policy. |
| enabled | boolean | Whether the policy is enabled. |
| labels | object | |
| config | object | The configuration of the policy. |
| condition | string | A string containing the boolean expression that determines whether the policy is applied. When the policy is applied as a child policy of schema_validation, the expression can also reference `record.v |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "#/components/schemas/EventGatewayParsedRecordEncryptFieldsPolicy",
"title": "Encrypt Parsed Record",
"description": "Encrypts fields of parsed Kafka records using AES_256_GCM. Keys are therefore 256 bits long.\n\nNote this policy can only be used as a child of a `EventGatewayProduceSchemaValidationPolicy` policy.\n",
"type": "object",
"properties": {
"type": {
"description": "The type name of the policy.",
"type": "string",
"const": "encrypt_fields",
"maxLength": 255,
"minLength": 1
},
"name": {
"description": "A unique user-defined name of the policy.",
"type": "string",
"maxLength": 255,
"x-unicode-pattern": "^[\\p{L}\\p{N}][\\p{L}\\p{N} _\\-\\.:/+']*[\\p{L}\\p{N}]$"
},
"description": {
"description": "A human-readable description of the policy.",
"type": "string",
"default": "",
"maxLength": 512
},
"enabled": {
"description": "Whether the policy is enabled.",
"type": "boolean",
"default": true
},
"labels": {
"$ref": "#/components/schemas/Labels"
},
"config": {
"description": "The configuration of the policy.",
"type": "object",
"$ref": "#/components/schemas/EventGatewayParsedRecordEncryptFieldsConfig"
},
"condition": {
"description": "A string containing the boolean expression that determines whether the policy is applied.\n\nWhen the policy is applied as a child policy of schema_validation, the expression can also reference\n`record.value` fields.\n",
"type": "string",
"example": "record.value.content.foo.bar == \"a-value\"",
"default": "",
"maxLength": 1000,
"x-expression": {
"type": "boolean",
"fields": [
{
"name": "context.auth.principal.name",
"type": "string",
"description": "Name of authenticated principal. Username in case of PLAIN/SCRAM, `sub` claim in case of OAUTHBEARER."
},
{
"name": "context.auth.type",
"type": "string",
"description": "The matched authentication type from a virtual cluster: anonymous, sasl_plain, sasl_scram_sha256, sasl_scram_sha512, sasl_oauth_bearer.\n"
},
{
"name": "context.topic.name",
"type": "string",
"description": "The name of the topic."
},
{
"name": "record.headers",
"type": "object",
"description": "An associative array of header key value pairs."
},
{
"name": "record.value.validated",
"type": "boolean",
"description": "Indicates whether the record value was successfully validated."
},
{
"name": "record.value.content",
"type": "object",
"description": "The content of the record value."
}
]
}
}
},
"required": [
"type",
"config"
]
}