Crate orchestrator_security

SecretStore encryption, key lifecycle, audit, and secure file helpers.

This crate provides the security primitives used by the agent orchestrator for encrypting/decrypting SecretStore values, managing key rotation, emitting audit events, and creating files/directories with safe permissions.

Modules

secret_key_audit
SecretStore key audit event types and database helpers.
secret_key_lifecycle
SecretStore key lifecycle state machine and rotation logic.
secret_store_crypto
SecretStore encryption/decryption helpers (AES-256-GCM-SIV envelope scheme).
secure_files
Secure file and directory creation helpers.