Skip to main content

KeyEncryptor

secret_manager

Trait KeyEncryptor 

Source 
pub trait KeyEncryptor:
    Send
    + Sync
    + 'static {
    // Required methods
    fn encrypt<'life0, 'life1, 'async_trait>(
        &'life0 self,
        plaintext: &'life1 [u8],
    ) -> Pin<Box<dyn Future<Output = Result<Encrypted, EncryptorError>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait;
    fn decrypt<'life0, 'life1, 'async_trait>(
        &'life0 self,
        encrypted: &'life1 Encrypted,
    ) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, EncryptorError>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait;
}
Expand description

Encrypts and decrypts key material before it is persisted to storage.

Use NoOpEncryptor when at-rest encryption is not required. For local AES-256-GCM-SIV use LocalEncryptor. For AWS KMS use KmsEncryptor.

Required Methods§

Source

fn encrypt<'life0, 'life1, 'async_trait>( &'life0 self, plaintext: &'life1 [u8], ) -> Pin<Box<dyn Future<Output = Result<Encrypted, EncryptorError>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Encrypt plaintext and return the ciphertext bundle.

Source

fn decrypt<'life0, 'life1, 'async_trait>( &'life0 self, encrypted: &'life1 Encrypted, ) -> Pin<Box<dyn Future<Output = Result<Vec<u8>, EncryptorError>> + Send + 'async_trait>>
where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait,

Decrypt an Encrypted bundle back to plaintext.

Implementors§