Skip to content

data protection#615

Open
unixslayer wants to merge 19 commits intoecotoneframework:mainfrom
unixslayer:data-protection
Open

data protection#615
unixslayer wants to merge 19 commits intoecotoneframework:mainfrom
unixslayer:data-protection

Conversation

@unixslayer
Copy link
Member

@unixslayer unixslayer commented Jan 15, 2026
edited
Loading

Why is this change proposed?

Sensitive data should be obfuscated when leaving application via transport channels.

Description of Changes

  • use Ecotone\DataProtection\Attribute\Sensitive to define messages with sensitive data
  • attribute can be defined with message, endpoint, or globally for channel
  • define encryption keys with Ecotone\DataProtection\Configuration\DataProtectionConfiguration
  • sensitive data will be encrypted right before its sended to queue and decrypted right after message is being retrieved from queue
  • data protection require JMSConverter module to be enabled
  • whole message payload will be encrypted with defined headers

Pull Request Contribution Terms

  • I have read and agree to the contribution terms outlined in CONTRIBUTING.

@unixslayer unixslayer requested a review from dgafka January 15, 2026 14:29
dgafka
dgafka reviewed Jan 17, 2026
View reviewed changes
@unixslayer unixslayer force-pushed the data-protection branch 2 times, most recently from 7460dca to dac7750 Compare January 23, 2026 20:44
@unixslayer unixslayer marked this pull request as ready for review January 23, 2026 20:44
@unixslayer unixslayer requested a review from dgafka January 23, 2026 20:44
dgafka
dgafka reviewed Jan 28, 2026
View reviewed changes
Copy link
Member

@dgafka dgafka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just some more coverage comments and potential API improvements.

I do think we can start with this and iterate over that (e.g. discuss how we want to handle Event Streams) :)

@unixslayer
data protection:
3bbef3b 
- use `Ecotone\DataProtection\Attribute\UsingSensitiveData` to define messages with sensitive data
- use `Ecotone\DataProtection\Attribute\Sensitive` to mark properties with sensitive data
- define encryption keys with `Ecotone\DataProtection\Configuration\DataProtectionConfiguration`
- sensitive data will be encrypted right before its sended to queue and decrypted right after message is being retrieved from queue
- data protection require JMSModule to be enabled
@unixslayer
tests for Event and Command Handler
b18aaea
@unixslayer
add Enterprise license annotation
5d0bd45
@unixslayer
- obfuscate full payload when message use sensitive data
2c72e37 
- allow to define sensitive headers
@unixslayer
bump ecotone version
0356036
@unixslayer
cleanups
f02870a
@unixslayer
tests cleanup
06bb11e
@unixslayer
allow to configure data protection on:
12d51bb 
- message
- endpoint
- channel
@unixslayer
missing license annotation
2e8aaf3
@unixslayer
API and general behavior changes:
647a732 
- solution provides obfuscation either for payload: either via Domain Message or entire channel
- annotated Message will have precedence over channel configuration
- obfuscating headers will be additional for message or default for channel as headers are not derivative from domain messages
- annotating single endpoint, Ecotone will try to configure obfuscator for Message based on Payload
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dgafka dgafka dgafka left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@unixslayer @dgafka