secret_vault/
encryption.rs

1use crate::{SecretVaultKey, SecretVaultResult};
2use async_trait::async_trait;
3use rvstruct::*;
4use secret_vault_value::SecretValue;
5
/// Stored form of a secret: the bytes returned by
/// [`SecretVaultEncryption::encrypt_value`] and later passed to `decrypt_value`.
///
/// Security notes:
/// - The bytes are only as protected as the encryption implementation that produced
///   them; with [`SecretVaultNoEncryption`] they are the unmodified plaintext.
/// - The derived `Debug` prints the raw bytes, so this type should not be logged when
///   a pass-through implementation may be in use.
/// - No zeroize-on-drop is implemented for this type in this file; the buffer is an
///   ordinary `Vec<u8>`, and `Clone` produces further ordinary copies.
#[derive(Debug, Clone, Eq, PartialEq, ValueStruct)]
pub struct EncryptedSecretValue(pub Vec<u8>);
8
impl SecretVaultKey {
    /// Returns the secret's name, which (going by the method name) is meant to be fed
    /// to an AEAD cipher as additional authenticated data (AAD).
    ///
    /// AAD is authenticated but not encrypted, so the secret name itself gets no
    /// confidentiality from this. Only `secret_name` is returned here.
    /// NOTE(review): if `SecretVaultKey` has other distinguishing fields (its
    /// definition is not in this file), they are not bound to the ciphertext by this
    /// AAD — confirm that is intended.
    #[inline]
    pub fn to_aad(&self) -> &String {
        let name = &self.secret_name;
        name.value()
    }
}
15
/// Pluggable encryption layer for secret values held by the vault.
///
/// Both operations receive the [`SecretVaultKey`] of the secret being processed, so an
/// implementation can tie the ciphertext to that key (see [`SecretVaultKey::to_aad`]).
/// NOTE(review): nothing in this trait enforces that binding or any authentication of
/// the ciphertext; each implementation must be reviewed for it separately.
#[async_trait]
pub trait SecretVaultEncryption {
    /// Converts `secret_value` into its stored form for the secret identified by
    /// `secret_vault_key`.
    ///
    /// Returns the stored bytes wrapped in [`EncryptedSecretValue`], or an error via
    /// [`SecretVaultResult`].
    async fn encrypt_value(
        &self,
        secret_vault_key: &SecretVaultKey,
        secret_value: &SecretValue,
    ) -> SecretVaultResult<EncryptedSecretValue>;

    /// Recovers the secret value from `encrypted_secret_value` for the secret
    /// identified by `secret_vault_key`.
    ///
    /// Returns the recovered [`SecretValue`], or an error via [`SecretVaultResult`].
    /// NOTE(review): implementations should presumably fail, not return data, when the
    /// ciphertext does not authenticate under the given key — confirm per implementation.
    async fn decrypt_value(
        &self,
        secret_vault_key: &SecretVaultKey,
        encrypted_secret_value: &EncryptedSecretValue,
    ) -> SecretVaultResult<SecretValue>;
}
30
/// Pass-through [`SecretVaultEncryption`] implementation that performs no encryption.
///
/// Values "encrypted" with this type are byte-for-byte the plaintext, with no
/// confidentiality, integrity protection, or binding to the secret's key. Anything that
/// can read, log, or dump an [`EncryptedSecretValue`] produced by it sees the secret.
#[derive(Debug)]
pub struct SecretVaultNoEncryption;
33
/// Identity "cipher": both directions copy the bytes unchanged and ignore the key.
///
/// Because the key is ignored, nothing ties a stored value to the secret it was
/// written for, and nothing detects modification of the stored bytes.
#[async_trait]
impl SecretVaultEncryption for SecretVaultNoEncryption {
    /// Copies the plaintext bytes of `secret_value` into an [`EncryptedSecretValue`].
    ///
    /// The copy is a plain `Vec<u8>`: whatever protections `SecretValue` applies to its
    /// own buffer (not visible in this file) do not carry over to the returned value.
    async fn encrypt_value(
        &self,
        _secret_vault_key: &SecretVaultKey,
        secret_value: &SecretValue,
    ) -> SecretVaultResult<EncryptedSecretValue> {
        // Plaintext leaves the SecretValue wrapper here, unchanged.
        let plaintext_copy = secret_value.ref_sensitive_value().clone();
        let stored = EncryptedSecretValue::from(plaintext_copy);
        Ok(stored)
    }

    /// Copies the stored bytes back into a [`SecretValue`] without any verification.
    async fn decrypt_value(
        &self,
        _secret_vault_key: &SecretVaultKey,
        encrypted_secret_value: &EncryptedSecretValue,
    ) -> SecretVaultResult<SecretValue> {
        let stored_bytes = encrypted_secret_value.value().clone();
        let secret = SecretValue::from(stored_bytes);
        Ok(secret)
    }
}
54
/// Wraps the bytes of a `kms_aead::CipherText` as an [`EncryptedSecretValue`].
///
/// The bytes are copied as-is; no validation of the ciphertext happens here.
#[cfg(any(feature = "kms", feature = "ring-aead-encryption"))]
impl From<kms_aead::CipherText> for EncryptedSecretValue {
    fn from(kms_aead_value: kms_aead::CipherText) -> Self {
        let cipher_bytes = kms_aead_value.value().to_owned();
        Self(cipher_bytes)
    }
}
61
/// Wraps the bytes of a `kms_aead::CipherTextWithEncryptedKey` as an
/// [`EncryptedSecretValue`].
///
/// The bytes are copied as-is. After conversion the type no longer records which of
/// the two `kms_aead` ciphertext kinds the bytes came from, so the caller must convert
/// back to the matching kind before decrypting.
#[cfg(any(feature = "kms", feature = "ring-aead-encryption"))]
impl From<kms_aead::CipherTextWithEncryptedKey> for EncryptedSecretValue {
    fn from(kms_aead_value: kms_aead::CipherTextWithEncryptedKey) -> Self {
        let cipher_bytes = kms_aead_value.value().to_owned();
        Self(cipher_bytes)
    }
}
68
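/// Unwraps an [`EncryptedSecretValue`] into a `kms_aead::CipherText`.
///
/// The bytes are passed through unchanged; nothing checks that they were produced as a
/// `CipherText` rather than a `CipherTextWithEncryptedKey`.
#[cfg(any(feature = "kms", feature = "ring-aead-encryption"))]
impl From<EncryptedSecretValue> for kms_aead::CipherText {
    fn from(encrypted_value: EncryptedSecretValue) -> Self {
        // `encrypted_value` is owned, so move its buffer instead of cloning it: this
        // saves an allocation and leaves no second copy of the bytes on the heap.
        kms_aead::CipherText(encrypted_value.0)
    }
}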
75
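/// Unwraps an [`EncryptedSecretValue`] into a `kms_aead::CipherTextWithEncryptedKey`.
///
/// The bytes are passed through unchanged; nothing checks that they were produced as a
/// `CipherTextWithEncryptedKey` rather than a plain `CipherText`.
#[cfg(any(feature = "kms", feature = "ring-aead-encryption"))]
impl From<EncryptedSecretValue> for kms_aead::CipherTextWithEncryptedKey {
    fn from(encrypted_value: EncryptedSecretValue) -> Self {
        // `encrypted_value` is owned, so move its buffer instead of cloning it: this
        // saves an allocation and leaves no second copy of the bytes on the heap.
        kms_aead::CipherTextWithEncryptedKey(encrypted_value.0)
    }
}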