Hold Your Own Key (HYOK) encryption service.
This library provides a flexible system for managing encrypted data using customer-managed encryption keys. It supports:
- Multiple key management services (AWS KMS, Azure Key Vault)
- Custom encryption strategies
- Key caching and persistence
- Type-safe data handling
The library follows the envelope encryption pattern, in which data is encrypted with Data Encryption Keys (DEKs), which are themselves protected by Customer Managed Keys (CMKs).
Modules
- cache
- cmk - Customer Managed Key (CMK) management and operations.
- dek - Data Encryption Key (DEK) management and operations.
- encryption - Data encryption strategies and implementations.
- error - Error types used throughout the DEK management system.
Structs
- HYOKService - Main service for managing encrypted data using the HYOK pattern.
- HYOKServiceBuilder - Builder for configuring and creating HYOK service instances.
- HeldValue - A container for encrypted data that can be released into different types.
Enums
- CMKConfig - Configuration options for Customer Managed Keys (CMKs).
- CacheConfig - Configuration options for DEK caching.
- GeneratorConfig - Configuration options for DEK generation.
- PersisterConfig - Configuration options for DEK persistence.
Traits
- ReleaseHeldObject - A trait for releasing encrypted objects using a specific encryption strategy.
- ReleaseHeldValue - A trait for releasing encrypted values into specific types.
Functions
- Held - Helper function to create a new encrypted value.