
tf_types/generated/
vault_file.rs

1// GENERATED by `tf-schema codegen --target rust` — DO NOT EDIT BY HAND.
2
3#![allow(unused_imports, non_camel_case_types, non_snake_case, clippy::all)]
4
5use serde::{Deserialize, Serialize};
6use super::*;
7
/// A single sealed record in the vault: cleartext metadata plus the AEAD
/// nonce and ciphertext for one key.
///
/// NOTE(review): `id`, `purpose`, `algorithm` and `created_at` are stored in
/// the clear next to the ciphertext. Nothing in this type shows whether they
/// are bound to it as AEAD associated data — confirm in the sealing code,
/// because metadata that is not bound is not covered by the tag check.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct VaultEntry {
    /// Identifier for the entry, stable within one vault.
    pub id: String,
    /// Intended use of the wrapped key.
    pub purpose: VaultEntry_Purpose,
    /// Algorithm the wrapped key belongs to (for example ed25519).
    pub algorithm: AlgorithmId,
    /// 12-byte AEAD nonce, base64-encoded.
    ///
    /// The field is a free-form `String`: the reader has to check the decoded
    /// length, and the writer must never repeat a nonce under the same wrap
    /// key.
    pub nonce: String,
    /// AEAD ciphertext, base64-encoded; the 16-byte tag is included.
    pub ciphertext: String,
    /// Time at which the entry was written.
    pub created_at: Timestamp,
}
24
/// Intended use of the key held by a `VaultEntry`.
///
/// Each variant is serialized under the lowercase name given in its `rename`
/// attribute. The derived deserializer accepts only those four names, so an
/// unrecognised purpose is a parse error rather than a silent default.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum VaultEntry_Purpose {
    /// Wire name `signing`.
    #[serde(rename = "signing")]
    Signing,
    /// Wire name `kem`.
    #[serde(rename = "kem")]
    Kem,
    /// Wire name `attestation`.
    #[serde(rename = "attestation")]
    Attestation,
    /// Wire name `raw`.
    #[serde(rename = "raw")]
    Raw,
}
37
/// On-disk key vault protected by a passphrase (KDF: Argon2id, cipher:
/// ChaCha20-Poly1305).
///
/// Every field is taken from the file as written. A loader should treat `kdf`
/// and `cipher` as untrusted input and validate them before deriving a key.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct VaultFile {
    /// Schema version of the vault file format.
    pub vault_version: VaultFile_VaultVersion,
    /// Parameters for deriving the 32-byte wrap key from the passphrase.
    pub kdf: VaultFile_Kdf,
    /// AEAD cipher under which each entry is sealed.
    pub cipher: VaultFile_Cipher,
    /// Sealed entries; each ciphertext opens under the wrap key to raw key
    /// bytes.
    ///
    /// All entries share that one wrap key, so their nonces have to be
    /// pairwise distinct.
    pub entries: Vec<VaultEntry>,
}
50
/// Names the AEAD cipher under which each entry is sealed.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct VaultFile_Cipher {
    /// AEAD algorithm name; ChaCha20-Poly1305 is the only one supported in
    /// this phase.
    ///
    /// The field is a plain `String`, so this type does not enforce that
    /// restriction: the reader has to reject any other value instead of
    /// falling back to a default.
    pub algorithm: String,
}
57
/// Parameters for deriving the 32-byte wrap key from the passphrase.
///
/// The three cost fields are signed 64-bit integers on the wire, so negative,
/// zero and very large values all deserialize successfully. Range-check them
/// and narrow them with a checked conversion before they reach the KDF: a
/// floor keeps the derivation from being weakened, and a ceiling keeps a
/// crafted file from exhausting memory or CPU.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct VaultFile_Kdf {
    /// KDF algorithm name; Argon2id is the only one supported in this phase.
    /// This type does not enforce that — the reader has to reject any other
    /// value.
    pub algorithm: String,
    /// Argon2id salt, base64-encoded, at least 16 bytes. The minimum length
    /// has to be checked after decoding.
    pub salt: String,
    /// Memory cost, in KiB.
    pub m_cost: i64,
    /// Number of iterations.
    pub t_cost: i64,
    /// Degree of parallelism.
    pub p_cost: i64,
}
72
/// Schema version of the vault file format.
///
/// `V1` is the only variant, serialized under the name `1`. The derived
/// deserializer rejects every other value, so a file declaring an unknown
/// version fails at parse time.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub enum VaultFile_VaultVersion {
    /// Wire name `1`.
    #[serde(rename = "1")]
    V1,
}