Module keys 

Key derivation helpers using HKDF-SHA256.

From a single master key we derive:

• A unique per-secret encryption key for each secret name.
• A dedicated HMAC key for vault integrity checks.

HKDF (RFC 5869) uses the master key as input keying material (IKM) and a context string (info) to produce independent sub-keys.

Structs

MasterKey

A wrapper around a 32-byte master key that automatically zeroes its memory when dropped.

Functions

derive_hmac_key

Derive an HMAC key from the master key.

derive_secret_key

Derive a per-secret encryption key from the master key.