[ 
https://issues.apache.org/jira/browse/CAMEL-23726?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Work on CAMEL-23726 started by Andrea Cosentino.
------------------------------------------------
> camel-pqc: Use JSON instead of Java serialization for key metadata in AWS and HashiCorp Vault lifecycle managers
> ----------------------------------------------------------------------------------------------------------------
>
>                 Key: CAMEL-23726
>                 URL: https://issues.apache.org/jira/browse/CAMEL-23726
>             Project: Camel
>          Issue Type: Improvement
>          Components: camel-pqc
>            Reporter: Andrea Cosentino
>            Assignee: Andrea Cosentino
>            Priority: Major
>             Fix For: 4.18.3, 4.21.0
>
>
> h3. Background
> Since CAMEL-23200, {{FileBasedKeyLifecycleManager}} stores key metadata as 
> JSON. The other two {{KeyLifecycleManager}} implementations still persist 
> {{KeyMetadata}} using Java serialization:
> * {{AwsSecretsManagerKeyLifecycleManager}} — 
> {{serializeMetadata}}/{{deserializeMetadata}} Base64-wrap a Java-serialized 
> {{KeyMetadata}} ({{ObjectOutputStream}}/{{ObjectInputStream}}).
> * {{HashicorpVaultKeyLifecycleManager}} — same pattern.
> Relying on Java serialization for persisted state is discouraged and is 
> inconsistent with {{FileBasedKeyLifecycleManager}}. All three implementations 
> should use the same JSON representation 
> ({{MetadataFileData}}/{{MetadataData}}) so that stored metadata is portable, 
> human-readable, and free of Java serialization.
> h3. Proposed change
> * Convert {{AwsSecretsManagerKeyLifecycleManager}} metadata storage to JSON, 
> reading existing Base64/Java-serialized values for backward compatibility and 
> migrating them on access.
> * Convert {{HashicorpVaultKeyLifecycleManager}} metadata storage to JSON with 
> the same backward-compatible migration.
> * In {{FileBasedKeyLifecycleManager}}, restrict the remaining 
> {{ObjectInputStream}} usage on the legacy-migration path 
> ({{migrateLegacyKey}}, {{migrateLegacyMetadata}}) to the expected types via 
> an {{ObjectInputFilter}}.
> * Add unit tests for the JSON round-trip and legacy-format migration in all 
> three managers.
> h3. Affected classes
> * {{components/camel-pqc/src/main/java/org/apache/camel/component/pqc/lifecycle/AwsSecretsManagerKeyLifecycleManager.java}}
> * {{components/camel-pqc/src/main/java/org/apache/camel/component/pqc/lifecycle/HashicorpVaultKeyLifecycleManager.java}}
> * {{components/camel-pqc/src/main/java/org/apache/camel/component/pqc/lifecycle/FileBasedKeyLifecycleManager.java}}
> Related: CAMEL-23200 introduced the JSON metadata format for 
> {{FileBasedKeyLifecycleManager}}; this completes the same alignment for the 
> AWS and Vault managers.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
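
The legacy-read path the issue describes (Base64-wrapped Java serialization, read through an {{ObjectInputFilter}} and rewritten as JSON), as an added example that is not code from Camel or from the issue. {{LegacyMeta}}, its fields, the filter limits and the sample values are assumptions made for illustration; the real {{KeyMetadata}} layout is not shown in the issue.

```java
import java.io.*;
import java.util.Base64;

public class LegacyMetadataMigration {
    // Hypothetical stand-in for the persisted metadata type; not Camel's KeyMetadata.
    static class LegacyMeta implements Serializable {
        private static final long serialVersionUID = 1L;
        String keyId; String algorithm; long createdAt;
        LegacyMeta(String k, String a, long c) { keyId = k; algorithm = a; createdAt = c; }
    }
    // Allow-list: only the expected class (and String) may be deserialized; "!*" rejects
    // every other class. The limits (assumed values) bound the size of the object graph.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=5;maxrefs=50;maxbytes=4096;"
            + LegacyMeta.class.getName() + ";java.lang.String;!*");

    static LegacyMeta readLegacy(String base64) throws IOException, ClassNotFoundException {
        byte[] raw = Base64.getDecoder().decode(base64);
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(raw))) {
            in.setObjectInputFilter(FILTER); // must be set before the first readObject()
            return (LegacyMeta) in.readObject();
        }
    }
    // Minimal hand-written JSON so the example has no dependencies; it escapes only
    // backslash and quote. A real manager would use its JSON library here.
    static String toJson(LegacyMeta m) {
        return String.format("{\"keyId\":\"%s\",\"algorithm\":\"%s\",\"createdAt\":%d}",
                esc(m.keyId), esc(m.algorithm), m.createdAt);
    }
    static String esc(String s) { return s.replace("\\", "\\\\").replace("\"", "\\\""); }

    static String serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return Base64.getEncoder().encodeToString(buf.toByteArray());
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample values standing in for what a secret store would return.
        String legacy = serialize(new LegacyMeta("key-1", "ML-KEM", 1700000000L));
        System.out.println(toJson(readLegacy(legacy)));   // expected type: migrated to JSON
        String unexpected = serialize(new java.util.ArrayList<>(java.util.List.of("x")));
        try {
            readLegacy(unexpected);                        // any other class is refused
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The filter rejects the unexpected class while its descriptor is being read, so none of that class's deserialization code runs; the cast to the expected type alone would only fail after the object had already been built.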
