Hi All, I have drafted a proposal to add `isEncrypted` field to EncryptionContext, which will involve a new public API change.
*Motivation:* Applications using Pulsar's encryption feature with `ConsumerCryptoFailureAction.CONSUME` need to determine whether received messages were successfully decrypted or if decryption failed. This is essential for: 1. **Error handling**: Applications need to know when they receive encrypted (undecrypted) data to handle it appropriately 2. **Monitoring**: Applications want to track decryption success/failure rates for monitoring and alerting 3. **Manual decryption**: When automatic decryption fails, applications may want to attempt manual decryption using the EncryptionContext 4. **Security compliance**: Applications need to ensure they're not inadvertently processing encrypted data as plain text **Current situation:** - Consumers with `CONSUME` action receive messages regardless of decryption success - No programmatic way to distinguish between successfully decrypted and failed decryption messages - Applications must implement workarounds to detect encrypted vs. decrypted content **Use cases this solves:** 1. Consumer without private key configured → should know decryption failed 2. Consumer with mismatched private key → should know decryption failed 3. Consumer with correct private key → should know decryption succeeded The full proposal is available for review here: https://github.com/apache/pulsar/pull/24481 I welcome any feedback, questions, or suggestions you may have. Thanks, Penghui
