Re-exports§
pub use cipherstash_config;
Modules§
- testing
- Implementations of
Dummy
for various types in thezerokms-protocol
crate.
Structs§
- Create
Client Request - Request message to create a new client with the given name, description and keyset_id.
- Create
Client Response - Response message to a CreateClientRequest.
- Create
Keyset Request - Request message to create a new Keyset with the given name and description.
- Delete
Client Request - Request message to delete a client and all associated authority keys.
- Delete
Client Response - Disable
Keyset Request - Request message to disable a keyset.
Requires the
dataset:disable
scope. Response is an EmptyResponse. - Empty
Response - Represents an empty response for requests that don’t return any data.
- Enable
Keyset Request - Request message to enable a keyset that has was previously disabled.
Requires the
dataset:enable
scope. Response is an EmptyResponse. - Generate
KeyRequest - A request message to generate a data key made on behalf of a client in the given keyset.
- Generate
KeyResponse - Response to a GenerateKeyRequest.
- Generate
KeySpec - A specification for generating a data key used in a GenerateKeyRequest.
- Generated
Key - Represents generated data key material which is used by the client to derive data keys with its own key material.
- Grant
Keyset Request - Request message to grant a client access to a keyset.
Requires the
dataset:grant
scope. - KeyId
- Keyset
- Struct representing a keyset. This is the response to a CreateKeysetRequest and a in a vector in the response to a ListKeysetRequest.
- Keyset
Client - Response type for a ListClientRequest.
- List
Client Request - Request message to list all clients.
- List
Keyset Request - Request message to list all Keysets.
- Load
Keyset Request - Request to load a keyset on behalf of a client. This is used by clients before indexing or querying data and includes key material which can be derived by the client to generate encrypted index terms.
- Load
Keyset Response - Response to a LoadKeysetRequest. The response includes the key material required to derive data keys. It is analogous to a RetrieveKeyResponse but where the server generated the key.
- Modify
Keyset Request - Request message to modify a keyset with the given keyset_id.
name
anddescription
are optional and will be updated if provided. - Name
- The unique name of a resource (within some scope: e.g. a workspace).
- Retrieve
KeyRequest - Request to retrieve a data key on behalf of a client in the given keyset.
Requires the
data_key:retrieve
scope. Response is a RetrieveKeyResponse. - Retrieve
KeyRequest Fallible - Request to retrieve a data key on behalf of a client in the given keyset.
Requires the
data_key:retrieve
scope. Response is a RetrieveKeyResponse. - Retrieve
KeyResponse - Response to a RetrieveKeyRequest. Contains a list of RetrievedKeys.
- Retrieve
KeyResponse Fallible - Response to a RetrieveKeyRequest with per-key error handling
- Retrieve
KeySpec - A specification for retrieving a data key used in a RetrieveKeyRequest.
- Retrieved
Key - Returned type from a RetrieveKeyRequest.
- Revoke
Keyset Request - Request message to revoke a client’s access to a keyset.
Requires the
dataset:revoke
scope. Response is an EmptyResponse. - Unverified
Context - A loose, schema‑free context map that can carry scalars, arrays, and nested maps.
- Vitur
KeyMaterial - Key material type used in GenerateKeyRequest and RetrieveKeyRequest as well as CreateClientResponse.
- Vitur
Request Error - Re-exports
Enums§
- Client
Keyset Id - Struct representing the keyset ids associated with a client which could be a single keyset or multiple keysets.
- Context
- Represents a contextual attribute for a data key which is used to “lock” the key to a specific context. Context attributes are included key tag generation which is in turn used as AAD in the final encryption step in the client. Context attributes should never include any sensitive information.
- Identified
By - A UUID or textual name that can uniquely identify a resource. Whereas a UUID is a global identifier,
name
is not implied to be globally unique, but unique within scope implied scope: e.g. a workspace. - Unverified
Context Value - Any JSON value we need to handle.
- Vitur
Request Error Kind - Re-exports