aletheiadb 0.1.0

A high-performance bi-temporal graph database for LLM integration
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

//! Encryption at rest for AletheiaDB.
//!
//! Provides pluggable key management and cipher abstractions for encrypting
//! all persisted data (WAL, indexes, cold storage). See ADR-0028.
//!
//! # Architecture
//!
//! ```text
//! KeyProvider -> MEK -> HKDF -> DEKs -> Cipher -> Encrypted Data
//! ```
//!
//! - **KeyProvider**: Sources the Master Encryption Key (file, env, KMS)
//! - **KeyDerivation**: Derives per-component DEKs via HKDF-SHA256
//! - **Cipher**: AES-256-GCM or ChaCha20-Poly1305 AEAD encryption

pub mod audit;
pub mod cipher;
pub mod cli;
pub mod config;
pub mod error;
pub mod factory;
pub mod key_derivation;
pub mod key_provider;
pub mod manager;
pub mod rotation;
pub mod wal_encryption;

pub use audit::{AuditEvent, AuditLevel, EncryptionAuditLogger};
pub use cipher::{
    AES_256_GCM_ID, Aes256GcmCipher, CHACHA20_POLY1305_ID, ChaCha20Poly1305Cipher, Cipher,
};
pub use cli::{
    EncryptionStatus, KeyGenResult, format_encryption_status, generate_key, get_encryption_status,
    validate_key_file,
};
pub use config::{EncryptionConfig, KeyProviderConfig};
pub use error::{EncryptionError, KeyDerivationError, KeyProviderError};
pub use factory::{Algorithm, algorithm_from_id, create_cipher};
pub use key_derivation::{
    CHECKPOINT_DEK_CONTEXT, COLD_DEK_CONTEXT, INDEX_DEK_CONTEXT, KeyDerivation, WAL_DEK_CONTEXT,
};
pub use key_provider::{EnvKeyProvider, FileKeyProvider, KeyFormat, KeyProvider};
pub use manager::EncryptionManager;
pub use rotation::{KeyRotationManager, KeyVersion, RotationState};
pub use wal_encryption::{decrypt_wal_payload, encrypt_wal_payload};