Crate vitaminc_kms

Expand description

§Vitamin C KMS

A MAC implementation using vitaminc that uses AWS KMS to generate HMACs. This implementation is asynchronous and uses the aws_sdk_kms crate to interact with AWS KMS.

This crate is part of the Vitamin C framework to make cryptography code healthy.

§Example

use aws_sdk_kms::Client;
use vitaminc_protected::Protected;
use vitaminc_traits::Update;
use vitaminc_async_traits::AsyncFixedOutput;
use vitaminc_kms::{AwsKmsHmac, Info};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    use aws_config::{BehaviorVersion, Region};

    let config = aws_sdk_kms::config::Builder::default()
        .behavior_version(BehaviorVersion::v2025_08_07())
        .region(Region::new("us-east-1"))
        .endpoint_url(endpoint_url)
        .build();

    // `key_id` is the ID or ARN of the KMS key to use
    let tag = AwsKmsHmac::<64>::new(config, key_id)
        .chain(&Protected::new(vec![1, 2, 3, 4, 5, 6, 7, 8, 9, 0]))
        .chain(Info("account_id"))
        .try_finalize_fixed()
        .await?;

    Ok(())
}

Structs§

AwsKmsHmac: A Mac implementation that uses AWS KMS to generate HMACs of N bytes. Valid sizes are 28, 32, 48, and 64 bytes.
Info: Named type to represent non-sensitive data that is passed to the update method. Using a specific type allows us to reason about the input type and its sensitivity. TODO: This probably should be part of the vitaminc_traits crate.

Enums§

Error

Crate vitaminc_kms

Crate vitaminc_kms Copy item path

§Vitamin C KMS

§Example

Structs§

Enums§

Crate vitaminc_kms