pub struct EncryptionContext { /* private fields */ }Expand description
Runtime context for encryption operations.
This is the active encryption state for a connected client, including resolved CEKs and encryptors.
The context holds an Arc<EncryptionConfig> so providers remain accessible
across connection retries/redirects where the Config (and its inner
encryption config Arc) gets cloned multiple times.
Implementations§
Source§impl EncryptionContext
impl EncryptionContext
Sourcepub fn from_arc(config: Arc<EncryptionConfig>) -> Self
pub fn from_arc(config: Arc<EncryptionConfig>) -> Self
Create a new encryption context from an Arc-wrapped configuration.
The Arc is retained by the context so provider lookups continue to
work for the lifetime of the client — regardless of how many times
the outer Config has been cloned for retry/redirect handling.
Sourcepub fn new(config: EncryptionConfig) -> Self
pub fn new(config: EncryptionConfig) -> Self
Create a new encryption context from configuration.
Sourcepub async fn get_encryptor(
&self,
cek_entry: &CekTableEntry,
) -> Result<Arc<AeadEncryptor>, EncryptionError>
pub async fn get_encryptor( &self, cek_entry: &CekTableEntry, ) -> Result<Arc<AeadEncryptor>, EncryptionError>
Get or decrypt a CEK for a column.
This handles the CEK caching and decryption logic:
- Check cache for existing encryptor
- If not cached, decrypt CEK using the appropriate key store
- Create and cache the encryptor
Sourcepub async fn encrypt_value(
&self,
plaintext: &[u8],
cek_entry: &CekTableEntry,
encryption_type: EncryptionTypeWire,
) -> Result<Vec<u8>, EncryptionError>
pub async fn encrypt_value( &self, plaintext: &[u8], cek_entry: &CekTableEntry, encryption_type: EncryptionTypeWire, ) -> Result<Vec<u8>, EncryptionError>
Encrypt a value for a column.
§Arguments
plaintext- The plaintext value to encryptcek_entry- The CEK table entry for this columnencryption_type- Deterministic or randomized encryption
Sourcepub async fn decrypt_value(
&self,
ciphertext: &[u8],
cek_entry: &CekTableEntry,
) -> Result<Vec<u8>, EncryptionError>
pub async fn decrypt_value( &self, ciphertext: &[u8], cek_entry: &CekTableEntry, ) -> Result<Vec<u8>, EncryptionError>
Decrypt a value from an encrypted column.
§Arguments
ciphertext- The encrypted valuecek_entry- The CEK table entry for this column
Sourcepub fn clear_cache(&self)
pub fn clear_cache(&self)
Clear the CEK cache.
Call this when keys may have been rotated.
Sourcepub fn has_provider(&self, name: &str) -> bool
pub fn has_provider(&self, name: &str) -> bool
Check if a provider is registered.