312 WJUGxDatev "Types as Ubiquitous language" & "E2E encryption with Kafka" [EN]

WJUG on tour - we will visit an office of Datev (learn more about Datev) in Brain Embassy Jerozolimskie. This time engineers from Datev will cover two topics that are always on fire at WJUG meetups - an ubiquitous language, so important in beloved DDD, and data SECURITY in Kafka.

Important: We are guests in Datev's offices, so any latecomers may have problems to get in. Please be there or be square!

The list from meetup.com will be checked at the entrance.

1. “Types as Ubiquitous Language” (approx. 40 min.)– Jakub Pierzchlewicz says about himself: I am a software engineer, this is at a heart of everything I do: bring engineering process to software development. I have been building software for more than a decade (and sometimes it even worked), in fintechs, media, project management tools, domains, building Java monoliths and nano services everywhere I went.
2. Abstract
3. Maintaining consistent domain language in the system is a challenge. Especially if our bounded context covers more than one domain. I propose a very simple technique that can be used to help solve this issue while also enable us to better understand our contexts boundaries.
4. “End-to-end encryption with Kafka Topics” (approx. 60 min.) – Uwe Schumacher: Software engineer at DATEV eG since 2000 and freelance developer by heart.
5. Abstract
6. End-to-end or application-side encryption/decryption of data-at-rest is an additional measure to protect sensitive and
7. business-critical data from privileged or administrative access. Because Data breaches can have a significant impact
8. on the affected company, it becomes especially important in public, private or hybrid cloud scenarios,
9. where data is stored in a shared infrastructure managed by honest people who could be a target for attackers or
10. not so honest people that act maliciously on their own behalf.
11. End-to-end encryption during data-at-rest in all storage systems used, makes it more difficult for practically any attacker to misuse data, regardless of their initial attacking position and even after it has been illegally stolen; provided that the attacker does not have access to the encryption keys.
12. This article uses a Spring Boot example to show how end-to-end encryption with Kafka Topics can be transparently implemented.
13. After the Kafka messages have been consumed and processed, the data is finally stored in a database with
14. (additional) end-to-end encrypted columns.
15. We use a HashiCorp Vault as our "Fort Knox" to protect the key material and highlight two possible strategies
16. for end-to-end encryption:
17. 1. Encryption as a Service (EaaS) with Vaults Transit Security Engine
18. 2. Local encryption strategy.
19. The latter strategy can already be regarded as an information leak, as the key material has to be exported to the application at runtime.
20. The implementation effort is significantly higher and adds a further level of complexity to our application.