Support end to end encryption/decryption#445
Merged
BewareMyPower merged 6 commits intoapache:masterfrom Dec 22, 2025
Merged
Conversation
shibd
changed the title
There was a problem hiding this comment.
Pull request overview
This pull request adds end-to-end encryption and decryption support to the Pulsar Node.js client. The implementation introduces a CryptoKeyReader abstraction that allows users to provide custom encryption key management logic through JavaScript, which is then bridged to the underlying Pulsar C++ library.
- Introduces
CryptoKeyReaderclass that users can extend to provide encryption keys - Adds
getEncryptionContext()method to Message class to retrieve encryption metadata - Supports both
encryptionKeysarray andcryptoKeyReaderconfiguration for producers and consumers
Reviewed changes
Copilot reviewed 10 out of 11 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/encryption.test.js | New test file with two test cases covering successful encryption/decryption and decryption failure scenarios |
| src/addon.cc | Registers the new CryptoKeyReader class in the Node.js addon exports |
| src/ProducerConfig.cc | Adds support for encryptionKeys array and cryptoKeyReader configuration options for producers |
| src/Message.h | Declares the new GetEncryptionContext method |
| src/Message.cc | Implements GetEncryptionContext by accessing internal message structure and extracting encryption metadata including keys, algorithm, compression info, and decryption status |
| src/CryptoKeyReader.h | Header file defining the CryptoKeyReader wrapper class interface |
| src/CryptoKeyReader.cc | Implements CryptoKeyReaderWrapper that bridges JavaScript key reader implementations to C++ through thread-safe callbacks |
| src/ConsumerConfig.cc | Adds cryptoKeyReader configuration support for consumers |
| index.js | Exports the CryptoKeyReader class |
| index.d.ts | Adds TypeScript type definitions for CryptoKeyReader, EncryptionKeyInfo, EncryptionContext, and EncryptionKey interfaces |
| binding.gyp | Includes CryptoKeyReader.cc in the build configuration |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
BewareMyPower
approved these changes
Dec 22, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
Support end to end encryption/decryption
Modifications
Verifying this change
Documentation
doc-required(Your PR needs to update docs and you will update later)
doc-not-needed(Please explain why)
doc(Your PR contains doc changes)
doc-complete(Docs have been already added)