secure_data 0.1.2

Secret wrappers, envelope encryption, KMS providers, crypto agility, and password hashing.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

[package]
name = "secure_data"
version = "0.1.2"
edition = "2021"
license = "MIT OR Apache-2.0"
description = "Secret wrappers, envelope encryption, KMS providers, crypto agility, and password hashing."
readme = "README.md"
repository = "https://github.com/kerberosmansour/SunLitSecurityLibraries"
documentation = "https://docs.rs/secure_data"
keywords = ["security", "crypto", "secrets", "kms", "argon2"]

[lib]
name = "secure_data"

# Recognise the `cfg(kani)` flag set by `cargo kani` so the proof module
# does not trigger an `unexpected_cfgs` warning on regular builds.
# See `crates/secure_data/src/proofs.rs` and the kani.yml advisory CI lane.
[lints.rust]
unexpected_cfgs = { level = "warn", check-cfg = ['cfg(kani)'] }

[features]
fips = ["aws-lc-rs"]
vault = ["dep:reqwest"]
aws-kms = ["dep:aws-sdk-kms", "dep:aws-config"]
password = ["dep:argon2"]
azure-kv = []
mobile-storage = []
# pq: post-quantum hybrid X25519 + ML-KEM-768 KEM behind a feature flag.
# See `docs/slo/design/pq-migration-plan.md` for the locked wire format.
pq = ["dep:ml-kem", "dep:x25519-dalek", "dep:hkdf", "dep:sha2"]

[dependencies]
security_core = { package = "security_core", version = "0.1.2", path = "../security_core" }
secure_errors = { package = "secure_errors", version = "0.1.2", path = "../secure_errors" }
security_events = { package = "security_events", version = "0.1.2", path = "../security_events" }
secrecy = { version = "0.10", features = ["serde"] }
zeroize = { version = "1", features = ["derive"] }
aes-gcm = "0.10"
chacha20poly1305 = "0.10"
rand = "0.8"
base64 = "0.22"
serde = { version = "1", features = ["derive"] }
serde_json = "1"
tokio = { version = "1", features = ["sync", "rt", "macros"] }
thiserror = "1"
aws-lc-rs = { version = "1", optional = true }
reqwest = { version = "0.12", features = ["json", "rustls-tls"], optional = true }
aws-sdk-kms = { version = "1", default-features = false, features = ["default-https-client", "rt-tokio"], optional = true }
aws-config = { version = "1", default-features = false, features = ["credentials-process", "default-https-client", "rt-tokio"], optional = true }
argon2 = { version = "0.5", optional = true }
ml-kem = { version = "0.3.0", features = ["getrandom", "zeroize"], optional = true }
x25519-dalek = { version = "2", features = ["static_secrets"], optional = true }
hkdf = { version = "0.12", optional = true }
sha2 = { version = "0.10", optional = true }

[dev-dependencies]
tokio = { version = "1", features = ["rt", "macros", "rt-multi-thread"] }
proptest = "1"