secret-manager 0.1.1

A distributed secret rotation and management library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138

use crate::encryptor::{Encrypted, EncryptorError, KeyEncryptor};
use aes_gcm_siv::aead::{Aead, KeyInit};
use aes_gcm_siv::{Aes256GcmSiv, Nonce};
use async_trait::async_trait;
use rand::{Rng, rng};

/// [`KeyEncryptor`] that encrypts key material locally using AES-256-GCM-SIV.
///
/// A random 12-byte nonce is generated for every [`encrypt`](KeyEncryptor::encrypt) call and
/// stored in [`Encrypted::nonce`].  This is required for [`decrypt`](KeyEncryptor::decrypt) —
/// ciphertexts produced by other encryptors (e.g. KMS) that carry `nonce: None` will fail.
///
/// `LocalEncryptor` is a good fit when you want at-rest encryption without a network round-trip
/// and your key-encryption key is already available locally (e.g. loaded from a secrets manager
/// at startup or injected via an environment variable).
///
/// # Key versioning
///
/// `version` is stored in [`Encrypted::key_version`].  When you rotate the key-encryption key,
/// bump `version` and keep the old `LocalEncryptor` around for decryption of existing records.
#[derive(Clone, Copy)]
pub struct LocalEncryptor {
    key: [u8; 32],
    version: u8,
}

impl LocalEncryptor {
    /// Create a new `LocalEncryptor`.
    ///
    /// - `key` — 32-byte key-encryption key (AES-256)
    /// - `version` — stored in [`Encrypted::key_version`]; increment when you rotate the KEK
    pub fn new(key: &[u8; 32], version: u8) -> Self {
        Self { key: *key, version }
    }

    fn cipher(&self) -> Aes256GcmSiv {
        Aes256GcmSiv::new_from_slice(&self.key).expect("key is exactly 32 bytes")
    }
}

#[async_trait]
impl KeyEncryptor for LocalEncryptor {
    async fn encrypt(&self, plaintext: &[u8]) -> Result<Encrypted, EncryptorError> {
        let mut nonce_bytes = [0u8; 12];
        rng().fill_bytes(&mut nonce_bytes);
        let nonce = Nonce::from(nonce_bytes);

        let ciphertext = self
            .cipher()
            .encrypt(&nonce, plaintext)
            .map_err(|e| EncryptorError::EncryptionFailed(format!("{e:?}")))?;

        Ok(Encrypted {
            ciphertext,
            nonce: Some(nonce_bytes),
            key_version: self.version,
        })
    }

    async fn decrypt(&self, encrypted: &Encrypted) -> Result<Vec<u8>, EncryptorError> {
        let nonce_bytes = encrypted.nonce.ok_or(EncryptorError::MissingNonce)?;
        let nonce = Nonce::from(nonce_bytes);

        self.cipher()
            .decrypt(&nonce, encrypted.ciphertext.as_ref())
            .map_err(|e| EncryptorError::DecryptionFailed(format!("{e:?}")))
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    const TEST_KEY: [u8; 32] = [0x42; 32];
    const TEST_VERSION: u8 = 1;

    #[tokio::test]
    async fn test_local_encrypt_decrypt() {
        let encryptor = LocalEncryptor::new(&TEST_KEY, TEST_VERSION);
        let plaintext = b"local-secret-key-material";

        let encrypted = encryptor.encrypt(plaintext).await.unwrap();
        assert_ne!(encrypted.ciphertext, plaintext);
        assert_eq!(encrypted.key_version, TEST_VERSION);
        assert!(encrypted.nonce.is_some());
        assert_eq!(encrypted.nonce.as_ref().unwrap().len(), 12);

        let decrypted = encryptor.decrypt(&encrypted).await.unwrap();
        assert_eq!(decrypted, plaintext);
    }

    #[tokio::test]
    async fn test_local_unique_nonces() {
        let encryptor = LocalEncryptor::new(&TEST_KEY, TEST_VERSION);
        let plaintext = b"same-plaintext";

        let encrypted1 = encryptor.encrypt(plaintext).await.unwrap();
        let encrypted2 = encryptor.encrypt(plaintext).await.unwrap();

        assert_ne!(encrypted1.nonce, encrypted2.nonce);
        assert_ne!(encrypted1.ciphertext, encrypted2.ciphertext);
    }

    #[tokio::test]
    async fn test_local_decrypt_wrong_key() {
        let encryptor1 = LocalEncryptor::new(&TEST_KEY, TEST_VERSION);
        let mut wrong_key = TEST_KEY;
        wrong_key[0] ^= 1;
        let encryptor2 = LocalEncryptor::new(&wrong_key, TEST_VERSION);

        let plaintext = b"secret-stuff";
        let encrypted = encryptor1.encrypt(plaintext).await.unwrap();

        let result = encryptor2.decrypt(&encrypted).await;
        assert!(result.is_err());
    }

    #[tokio::test]
    async fn test_local_decrypt_missing_nonce() {
        let encryptor = LocalEncryptor::new(&TEST_KEY, TEST_VERSION);
        let mut encrypted = encryptor.encrypt(b"data").await.unwrap();
        encrypted.nonce = None;

        let result = encryptor.decrypt(&encrypted).await;
        assert!(result.is_err());
        assert!(result.unwrap_err().to_string().contains("missing nonce"));
    }

    #[tokio::test]
    async fn test_local_decrypt_tampered_ciphertext() {
        let encryptor = LocalEncryptor::new(&TEST_KEY, TEST_VERSION);
        let mut encrypted = encryptor.encrypt(b"sensitive-data").await.unwrap();
        encrypted.ciphertext[0] ^= 1;

        let result = encryptor.decrypt(&encrypted).await;
        assert!(result.is_err());
    }
}