Skip to main content

KekSource

arcly_http::compliance::crypto

Trait KekSource 

Source 
pub trait KekSource:
    Send
    + Sync
    + 'static {
    // Required methods
    fn load_keyring(&self) -> BoxFuture<'_, Result<LoadedKeyring, CryptoError>>;
    fn provision(
        &self,
        id: &KeyId,
    ) -> BoxFuture<'_, Result<DataKey, CryptoError>>;
    fn destroy(&self, id: &KeyId) -> BoxFuture<'_, Result<(), CryptoError>>;
}

Required Methods§

Source

fn load_keyring(&self) -> BoxFuture<'_, Result<LoadedKeyring, CryptoError>>

Unwrap and return every (key, all live versions) pair. Called once at boot; the result seeds the in-memory ring.

Source

fn provision(&self, id: &KeyId) -> BoxFuture<'_, Result<DataKey, CryptoError>>

Create + persist (wrapped) the next version of id — version 1 if the key is new. Returns the unwrapped DEK.

Source

fn destroy(&self, id: &KeyId) -> BoxFuture<'_, Result<(), CryptoError>>

Destroy every wrapped version of id permanently. After this returns the data sealed under id is unrecoverable from any sink.

Dyn Compatibility§

This trait is dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors§