Expand description
Sealed marker trait for storage backends that encrypt data at rest.
EncryptedStorage is a sealed marker trait — only implementable inside
scp-platform. External crates can see and require the trait, but cannot
implement it for their own types. This prevents unencrypted backends from
satisfying the bound.
Production backends (SqliteStorage, AppleStorage) implement it directly.
Custom backends that don’t natively encrypt should be wrapped in
EncryptingAdapter, which
adds per-value AES-256-GCM encryption and implements EncryptedStorage.
§Why sealed?
Encryption at rest is a security invariant, not a behavioral contract that
external code can meaningfully promise. Sealing the trait ensures the
compiler enforces the invariant — only code within scp-platform can vouch
for a backend’s encryption.
See issue #695 and spec §17.5.
Traits§
- Encrypted
Storage - Marker trait for
Storagebackends that encrypt data at rest.