Module encryption_key_id

§Encryption Key Identifier Value Object - Security Infrastructure

This module provides a comprehensive encryption key identifier value object that implements secure key management patterns, key rotation capabilities, and type-safe key references for the adaptive pipeline system’s encryption infrastructure.

§Overview

The encryption key identifier system provides:

  • Type-Safe Key References: Strongly-typed key identifiers with compile-time validation
  • Key Rotation Support: Versioned key management with automatic rotation capabilities
  • Security Validation: Comprehensive format validation and constraint enforcement
  • Environment Separation: Clear separation between production and development keys
  • Algorithm Support: Multi-algorithm key identification and validation
  • Audit Trail: Complete key usage tracking and lifecycle management

§Key Features

§1. Type-Safe Key Management

Strongly-typed key identifiers with comprehensive validation:

  • Compile-Time Safety: Cannot be confused with other string types
  • Runtime Validation: Format and constraint checking at creation time
  • Immutable Semantics: Value objects that cannot be modified after creation
  • Business Rule Enforcement: Security-focused validation rules

§2. Key Rotation and Versioning

Advanced key lifecycle management:

  • Version Tracking: Automatic version parsing and management
  • Key Rotation: Seamless key rotation with version increment
  • Backward Compatibility: Support for multiple key versions
  • Lifecycle Management: Complete key lifecycle tracking

§3. Security and Environment Management

Comprehensive security and environment handling:

  • Environment Separation: Clear production/development/test separation
  • Algorithm Support: Multi-algorithm key identification
  • Access Control: Environment-based access control patterns
  • Audit Trail: Complete key usage and access tracking

§Key ID Format Specification

§Standard Format

Pattern: {algorithm}-{version}-{identifier}
Examples:
  - aes256-v1-prod-2024
  - chacha20-v2-dev-abc123
  - rsa2048-v3-staging-key001
  - ed25519-v1-test-temp

§Format Constraints

  • Length: 8-64 characters total
  • Characters: Alphanumeric, hyphens (-), underscores (_)
  • Structure: Must contain at least 2 separators
  • Prefix/Suffix: Cannot start or end with separators
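
The constraints above, together with the version-increment rotation described under Key Rotation and Versioning, can be checked as in the following added example. It is not the crate's own code: `KeyIdParts`, `parse_key_id` and `rotate_key_id` are hypothetical names. It assumes that both hyphens and underscores act as separators, that "alphanumeric" means ASCII, and that the version component is `v` followed by a decimal number, as in the examples listed.

```rust
// Added illustration; KeyIdParts, parse_key_id and rotate_key_id are hypothetical names.
#[derive(Debug, PartialEq)]
pub struct KeyIdParts {
    pub algorithm: String,
    pub version: u32,
    pub identifier: String,
}

// Assumptions: '-' and '_' both count as separators; "alphanumeric" means ASCII.
fn is_sep(c: char) -> bool {
    c == '-' || c == '_'
}

pub fn parse_key_id(s: &str) -> Result<KeyIdParts, String> {
    let len = s.chars().count();
    if !(8..=64).contains(&len) {
        return Err(format!("length {len} outside 8-64"));
    }
    if let Some(bad) = s.chars().find(|c| !(c.is_ascii_alphanumeric() || is_sep(*c))) {
        return Err(format!("illegal character {bad:?}"));
    }
    if s.starts_with(is_sep) || s.ends_with(is_sep) {
        return Err("starts or ends with a separator".into());
    }
    if s.chars().filter(|c| is_sep(*c)).count() < 2 {
        return Err("fewer than 2 separators".into());
    }
    // {algorithm}-{version}-{identifier}: the identifier keeps later separators.
    let mut parts = s.splitn(3, is_sep);
    let algorithm = parts.next().unwrap_or_default().to_string();
    let raw = parts.next().unwrap_or_default();
    let identifier = parts.next().unwrap_or_default().to_string();
    // Assumption from the page's examples: version is "v" plus a decimal number.
    let version = raw.strip_prefix('v').and_then(|n| n.parse::<u32>().ok())
        .ok_or_else(|| format!("bad version component {raw:?}"))?;
    Ok(KeyIdParts { algorithm, version, identifier })
}

// Rotation as a version increment, re-validated: a new digit can exceed 64 characters.
pub fn rotate_key_id(s: &str) -> Result<String, String> {
    let p = parse_key_id(s)?;
    let next = p.version.checked_add(1).ok_or("version overflow")?;
    let rotated = format!("{}-v{}-{}", p.algorithm, next, p.identifier);
    parse_key_id(&rotated).map(|_| rotated)
}

fn main() {
    println!("{:?}", rotate_key_id("aes256-v1-prod-2024"));
}
```

Re-validating the rotated ID matters at the boundary: a 64-character ID at `v9` becomes 65 characters at `v10` and is rejected instead of being stored as an out-of-spec key reference.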

§Usage Examples

§Basic Key Creation and Validation

§Key Rotation and Version Management

§Environment-Specific Key Management

§Security Considerations

  • Environment Separation: Always separate production and development keys
  • Version Control: Track key versions for proper rotation
  • Access Control: Implement proper access controls based on environment
  • Audit Logging: Log all key access and usage for security auditing

§Performance Characteristics

  • Creation Time: ~5μs for key ID creation with validation
  • Validation Time: ~3μs for format validation
  • Parsing Time: ~2μs for component extraction
  • Memory Usage: ~100 bytes per key ID instance
  • Thread Safety: Immutable value objects are fully thread-safe

§Cross-Platform Compatibility

  • Rust: EncryptionKeyId newtype wrapper
  • Go: EncryptionKeyID struct with equivalent interface
  • JSON: String representation for API compatibility
  • Database: TEXT column with validation constraints

Modules§

encryption_key_id_utils
Utility functions for encryption key ID operations

Structs§

EncryptionKeyId
Encryption key identifier value object for secure key management