Skip to main content

RefreshableCipher

Struct RefreshableCipher 

Source
pub struct RefreshableCipher<C> { /* private fields */ }
Expand description

An AEAD cipher that holds a hot-swappable inner cipher behind an ArcSwap.

This is the pure mechanism layer — it knows how to atomically swap the inner cipher by re-invoking a factory closure. Concurrent refresh attempts are serialised so that only one factory call runs at a time; waiters that arrive while a refresh is in flight adopt the result.

Policy concerns (TTL, failure backoff) are handled by ScheduledRefreshCipher, which wraps the same mechanism.

This allows runtime rotation of encryption keys (e.g. from a KMS or secret manager) without restarting the application.

For emitting, go through the selector API (select_cipher / select_sealer), which hands back a frozen snapshot. Using the type directly as an AeadEncryptor takes a fresh snapshot per call, so reading metadata and then encrypting can straddle a rotation — the hazard the selector exists to prevent (see composing crypto strategies); the bare impl exists only for composition and erasure.

All clones share the same underlying state, so a refresh performed through any clone is visible to all others — a single RefreshableCipher can be cloned into a sealer and an unsealer while one handle is kept for refresh.

Implementations§

Source§

impl<C: Debug + MaybeSendSync + 'static> RefreshableCipher<C>

Source

pub async fn refresh(&self) -> Result<bool, Error>

Refreshes the cipher by re-invoking the factory and atomically swapping the inner value.

Concurrent callers are serialised — only one factory call runs at a time. If another task already refreshed while this one was waiting for the lock, the new value is adopted without a redundant fetch.

Returns Ok(true) if new key material was fetched by this call, or Ok(false) if another task already refreshed concurrently.

§Errors

Returns an error if the factory call fails.

Source

pub fn builder<I1>() -> RefreshableCipherBuilder<C, I1>
where I1: Fn() -> Pin<Box<dyn MaybeSendFuture<Output = Result<C, Error>>>> + MaybeSendSync + 'static,

Creates a new RefreshableCipher using the given factory.

The factory is called immediately to produce the initial cipher. The same factory is called on subsequent refreshes via refresh.

§Errors

Returns an error if the initial factory call fails.

Trait Implementations§

Source§

impl<C: AeadEncryptor + 'static> AeadCipherSelector for RefreshableCipher<C>

Source§

fn select_cipher(&self) -> MaybeSendBoxFuture<'_, Arc<dyn AeadEncryptor>>

Selects the current encryptor to use for encryption, refreshing stale key material first where the implementation supports it.
Source§

impl<C: AeadDecryptor + 'static> AeadDecryptor for RefreshableCipher<C>

Source§

fn cipher_match(&self, m: &CipherMatch<'_>) -> Option<KeyMatchStrength>

Returns how well this decryptor matches the given selection criteria. Read more
Source§

fn decrypt<'a>( &'a self, cipher_match: Option<&'a CipherMatch<'a>>, nonce: &'a [u8], ciphertext: &'a [u8], tag: &'a [u8], aad: &'a [u8], ) -> MaybeSendBoxFuture<'a, Result<Vec<u8>, DecryptError>>

Asynchronously decrypts the given ciphertext with the provided nonce, tag, and associated data. Read more
Source§

fn try_refresh(&self) -> MaybeSendBoxFuture<'_, bool>

Requests a best-effort refresh of the decryptor’s key material — the cipher analogue of JwsVerifier::try_refresh. Read more
Source§

impl<C: AeadEncryptor + 'static> AeadEncryptor for RefreshableCipher<C>

Source§

fn enc_algorithm(&self) -> Cow<'_, str>

Returns the content encryption algorithm identifier (e.g. A256GCM).
Source§

fn key_id(&self) -> Option<Cow<'_, str>>

Returns the key ID for this encryptor, if any.
Source§

fn encrypt<'a>( &'a self, plaintext: &'a [u8], aad: &'a [u8], ) -> MaybeSendBoxFuture<'a, Result<AeadOutput, Error>>

Asynchronously encrypts the given plaintext with the associated data. Read more
Source§

impl<C: AeadEncryptor + 'static> AeadSealerSelector for RefreshableCipher<C>

Source§

fn select_sealer(&self) -> MaybeSendBoxFuture<'_, Arc<dyn AeadSealer>>

Selects the current sealer — a frozen key snapshot — refreshing stale key material first where the implementation supports it.
Source§

impl<C: AeadDecryptor + 'static> AeadUnsealer for RefreshableCipher<C>

Source§

fn unseal<'a>( &'a self, cipher_match: Option<&'a CipherMatch<'a>>, bundle: &'a [u8], aad: &'a [u8], ) -> MaybeSendBoxFuture<'a, Result<Vec<u8>, DecryptError>>

Decrypts a versioned bundle produced by AeadSealer::seal. Read more
Source§

impl<C> Clone for RefreshableCipher<C>

Source§

fn clone(&self) -> Self

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<C: Debug> Debug for RefreshableCipher<C>

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

§

impl<C> !RefUnwindSafe for RefreshableCipher<C>

§

impl<C> !UnwindSafe for RefreshableCipher<C>

§

impl<C> Freeze for RefreshableCipher<C>

§

impl<C> Send for RefreshableCipher<C>
where C: Sync + Send,

§

impl<C> Sync for RefreshableCipher<C>
where C: Sync + Send,

§

impl<C> Unpin for RefreshableCipher<C>

§

impl<C> UnsafeUnpin for RefreshableCipher<C>

Blanket Implementations§

Source§

impl<T> AeadCipher for T

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> MaybeSend for T
where T: Send,

Source§

impl<T> MaybeSendSync for T
where T: Send + Sync,

Source§

impl<T> MaybeSync for T
where T: Sync,

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> SealedAeadCipherSelector for T

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.