pub trait EncryptRecord: Serialize + DeserializeOwned {
const ENCRYPT_FIELDS: &'static [&'static str];
const KEY_ID: &'static str;
// Provided methods
fn seal(&self, vault: &CryptoVault) -> Result<Value, CryptoError> { ... }
fn seal_with_key(
&self,
vault: &CryptoVault,
key: &KeyId,
) -> Result<Value, CryptoError> { ... }
fn unseal(sealed: Value, vault: &CryptoVault) -> Result<Self, CryptoError> { ... }
}Expand description
Implemented by #[EncryptFields(...)] on a DTO. The default methods are
the whole write/read contract:
- seal: serialize → encrypt the declared fields →
Valuesafe for any sink (DB row, outbox payload, idempotency cache, DLQ). - unseal: decrypt the declared fields → deserialize back to
Self.
KEY_ID is the default scope; use the *_with_key variants for
per-subject keys resolved at runtime.
Required Associated Constants§
Sourceconst ENCRYPT_FIELDS: &'static [&'static str]
const ENCRYPT_FIELDS: &'static [&'static str]
Dotted paths ("card.number", "items.*.ssn") to seal.
Provided Methods§
fn seal(&self, vault: &CryptoVault) -> Result<Value, CryptoError>
fn seal_with_key( &self, vault: &CryptoVault, key: &KeyId, ) -> Result<Value, CryptoError>
fn unseal(sealed: Value, vault: &CryptoVault) -> Result<Self, CryptoError>
Dyn Compatibility§
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".