Andrea Cosentino created CAMEL-23726:
----------------------------------------

             Summary: camel-pqc: Use JSON instead of Java serialization for key metadata in AWS and HashiCorp Vault lifecycle managers
                 Key: CAMEL-23726
                 URL: https://issues.apache.org/jira/browse/CAMEL-23726
             Project: Camel
          Issue Type: Improvement
          Components: camel-pqc
            Reporter: Andrea Cosentino
            Assignee: Andrea Cosentino
             Fix For: 4.21.0, 4.18.3


h3. Background

Since CAMEL-23200, {{FileBasedKeyLifecycleManager}} stores key metadata as 
JSON. The other two {{KeyLifecycleManager}} implementations still persist 
{{KeyMetadata}} using Java serialization:

* {{AwsSecretsManagerKeyLifecycleManager}} — 
{{serializeMetadata}}/{{deserializeMetadata}} Base64-wrap a Java-serialized 
{{KeyMetadata}} ({{ObjectOutputStream}}/{{ObjectInputStream}}).
* {{HashicorpVaultKeyLifecycleManager}} — same pattern.

Relying on Java serialization for persisted state is discouraged and is 
inconsistent with {{FileBasedKeyLifecycleManager}}. All three implementations 
should use the same JSON representation ({{MetadataFileData}}/{{MetadataData}}) 
so that stored metadata is portable, human-readable, and free of Java 
serialization.

h3. Proposed change

* Convert {{AwsSecretsManagerKeyLifecycleManager}} metadata storage to JSON, 
reading existing Base64/Java-serialized values for backward compatibility and 
migrating them on access.
* Convert {{HashicorpVaultKeyLifecycleManager}} metadata storage to JSON with 
the same backward-compatible migration.
* In {{FileBasedKeyLifecycleManager}}, restrict the remaining 
{{ObjectInputStream}} usage on the legacy-migration path ({{migrateLegacyKey}}, 
{{migrateLegacyMetadata}}) to the expected types via an {{ObjectInputFilter}}.
* Add unit tests for the JSON round-trip and legacy-format migration in all 
three managers.
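The pattern the proposal describes, as an added illustration rather than camel-pqc's own code: a codec that writes JSON, still reads the legacy Base64-wrapped Java-serialized value through an {{ObjectInputFilter}} that admits only the expected types, and rewrites a legacy value as JSON on access. {{MetadataCodec}}, the trimmed {{KeyMetadata}} stand-in and the method names are hypothetical; Jackson ({{ObjectMapper}}) is assumed to be on the classpath.

```java
import java.io.*;
import java.util.Base64;
import com.fasterxml.jackson.databind.ObjectMapper;

public class MetadataCodec {
    // Hypothetical stand-in for camel-pqc's KeyMetadata (the real class has more fields).
    public static class KeyMetadata implements Serializable {
        private static final long serialVersionUID = 1L;
        public String keyId;
        public String algorithm;
        public long createdAt;
    }
    private static final ObjectMapper MAPPER = new ObjectMapper();

    // Allow-list for the legacy path: only the metadata class itself and String (the
    // stream runs the filter for strings too) may appear; any other class is rejected
    // before its constructor or readObject runs.
    private static final ObjectInputFilter LEGACY_FILTER = info -> {
        Class<?> c = info.serialClass();
        if (c == null) return ObjectInputFilter.Status.UNDECIDED; // depth/array-length check, no class
        return (c == KeyMetadata.class || c == String.class)
                ? ObjectInputFilter.Status.ALLOWED : ObjectInputFilter.Status.REJECTED;
    };

    /** Current format: plain JSON. */
    public static String serialize(KeyMetadata md) throws IOException {
        return MAPPER.writeValueAsString(md);
    }

    /** '{' is not in the Base64 alphabet, so the first character tells the formats apart. */
    public static boolean isLegacy(String stored) {
        return !stored.trim().startsWith("{");
    }

    /** Reads JSON, or a legacy Base64/Java-serialized value through the type filter. */
    public static KeyMetadata deserialize(String stored) throws IOException {
        if (!isLegacy(stored)) {
            return MAPPER.readValue(stored, KeyMetadata.class);
        }
        byte[] raw = Base64.getDecoder().decode(stored.trim());
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(raw))) {
            in.setObjectInputFilter(LEGACY_FILTER);   // must be set before the first readObject()
            return (KeyMetadata) in.readObject();      // unexpected class -> InvalidClassException
        } catch (ClassNotFoundException e) {
            throw new IOException("legacy metadata references an unknown class", e);
        }
    }
    /** Migrate-on-access: the JSON to write back for a legacy value, or null if already JSON. */
    public static String migrateIfLegacy(String stored) throws IOException {
        return isLegacy(stored) ? serialize(deserialize(stored)) : null;
    }
}
```

A caller that stores the non-null result of {{migrateIfLegacy}} back into the secret or Vault path completes the migration, after which the {{ObjectInputStream}} branch is never reached again for that entry.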

h3. Affected classes

* {{components/camel-pqc/src/main/java/org/apache/camel/component/pqc/lifecycle/AwsSecretsManagerKeyLifecycleManager.java}}
* {{components/camel-pqc/src/main/java/org/apache/camel/component/pqc/lifecycle/HashicorpVaultKeyLifecycleManager.java}}
* {{components/camel-pqc/src/main/java/org/apache/camel/component/pqc/lifecycle/FileBasedKeyLifecycleManager.java}}

Related: CAMEL-23200 introduced the JSON metadata format for 
{{FileBasedKeyLifecycleManager}}; this completes the same alignment for the AWS 
and Vault managers.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)