Module kdf 

Password-based key derivation using Argon2id.

Argon2id is a memory-hard KDF that protects against brute-force and GPU-based attacks. Parameters are configurable via Argon2Params (loaded from .envvault.toml or sensible defaults).

Structs

Argon2Params

Configurable Argon2id parameters.

Functions

derive_master_key

Derive a 32-byte master key from a password and salt using Argon2id.

derive_master_key_with_params

Derive a 32-byte master key with explicit Argon2id parameters.

generate_salt

Generate a cryptographically random 32-byte salt.