kms_aead/lib.rs
1//! # KMS/AEAD envelope encryption for GCP/AWS KMS and Ring AEAD encryption
2//!
3//! Available providers:
4//! - Google Cloud Platform KMS
5//! - Amazon Web Services KMS
6//!
7//! Features:
8//! - Envelope encryption using automatically generated or provided data encryption keys;
9//! - A simple public implementation of Ring-based AEAD encryption that can be used without KMS;
10//! - Opt-in KMS-based secure random generator for GCP and AWS, used instead of Ring's generator.
11//!
12//! ## Examples:
13//!
14//! For AWS:
15//! ```rust,no_run
16//! use kms_aead::providers::AwsKmsProvider;
17//! use kms_aead::*;
18//! use secret_vault_value::SecretValue;
19//!
20//! #[tokio::main]
21//! async fn main() -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
22//! let aws_account_id = config_env_var("ACCOUNT_ID")?;
23//! let aws_key_id: String = config_env_var("KMS_KEY_ID")?;
24//!
25//! let kms_ref = kms_aead::providers::AwsKmsKeyRef::new(aws_account_id, aws_key_id);
26//!
27//! let encryption: KmsAeadRingEnvelopeEncryption<AwsKmsProvider> =
28//! kms_aead::KmsAeadRingEnvelopeEncryption::new(providers::AwsKmsProvider::new(&kms_ref).await?)
29//! .await?;
30//!
31//! let secret_value = SecretValue::from("test-secret");
32//! let test_aad = "test-aad".to_string(); // AAD is authenticated, not encrypted; decrypt_value must be given the same value
33//!
34//! let cipher_text = encryption.encrypt_value(&test_aad, &secret_value).await?;
35//!
36//! let secret_value = encryption
37//! .decrypt_value(&test_aad, &cipher_text)
38//! .await?;
39//!
40//! println!(
41//! "We have our secret back: {}",
42//! secret_value.sensitive_value_to_str().unwrap() == "test-secret"
43//! );
44//!
45//! Ok(())
46//! }
47//!
48//! pub fn config_env_var(name: &str) -> Result<String, String> {
49//! std::env::var(name).map_err(|e| format!("{}: {}", name, e))
50//! }
51//!
52//! ```
53//!
54//! More examples are available on [GitHub](https://github.com/abdolence/kms-aead-rs).
55//!
56
// Crate-wide lint configuration: suppresses the `unused_parens` and
// `clippy::new_without_default` lints for every module below.
57#![allow(unused_parens, clippy::new_without_default)]
// `forbid` (unlike `deny`) cannot be relaxed by a nested `#[allow]`, so no `unsafe` code can be
// added anywhere in this crate's own sources. The attribute does not extend to dependencies,
// which must be audited separately.
58#![forbid(unsafe_code)]
59
// NOTE(review): explicit link to `core`; usually unnecessary on edition 2018 or later — confirm
// it is still needed.
60extern crate core;
61
// Crate-wide result alias: every fallible API returns `errors::KmsAeadError` on failure.
62pub type KmsAeadResult<T> = std::result::Result<T, errors::KmsAeadError>;
63
// `api` is private; its public items are re-exported at the crate root through the glob import.
64mod api;
65pub use api::*;
66
// Error types, including the `KmsAeadError` used by `KmsAeadResult`.
67pub mod errors;
68
// The next three modules are compiled only when the `ring-aead-encryption` feature is enabled.
// Whether that feature is on by default is decided in Cargo.toml, which is not visible here.
69#[cfg(feature = "ring-aead-encryption")]
70pub mod ring_encryption;
71
// Private helper module for the Ring-based code; not part of the public API.
72#[cfg(feature = "ring-aead-encryption")]
73mod ring_support;
74
75#[cfg(feature = "ring-aead-encryption")]
76pub mod kms_envelope_encryption;
77
// Re-exports the envelope encryption items at the crate root (presumably including the
// `KmsAeadRingEnvelopeEncryption` type used in the crate-level example — verify in that module).
78#[cfg(feature = "ring-aead-encryption")]
79pub use kms_envelope_encryption::*;
80
// `types` is private; its public items are re-exported at the crate root.
81mod types;
82pub use types::*;
83
// KMS provider implementations; the crate-level example uses `providers::AwsKmsProvider` and
// `providers::AwsKmsKeyRef` from here.
84pub mod providers;