Production Guide
From Demo to Production
The code in this repository is designed for educational purposes. To take these concepts to production, follow these best practices.
🔑 Secrets Management
Demo: Uses hardcoded keys or environment variables passed directly to the build.
Production:
- Use a Key Management Service (KMS) like AWS KMS, Vault, or Azure Key Vault.
- Rotate encryption keys regularly (key versioning).
- Inject keys into the `Conversion` class via a dependency injection framework (Spring, Guice).
📦 Distribution
Demo: Sources are in the same repo.
Production:
- Package your custom logical types and conversions as a separate Maven/Gradle artifact.
- Publish to a private artifact repository (Artifactory, Nexus).
- Consumers and Producers add this library as a dependency.
🛡️ Schema Governance
Demo: Evolution is manual.
Production:
- Enforce BACKWARD or FULL compatibility in the Schema Registry.
- Treat `.avdl` files as code: require code reviews for changes.
- Automate `schemaRegistrycompatibility` checks in CI/CD pipelines.
🚨 Failure Handling
Demo: Logs errors to stdout.
Production:
- Decide on a strategy for decryption failures: Dead Letter Queue (DLQ) vs. poison pill.
- Emit metrics for encryption/decryption latency.
- Alert on sudden spikes in conversion errors.
Next Steps
Ready to implement? Scaffold your own custom logical type to get started.
./gradlew newLogicalType -Pname=MySecureType