/// Pluggable interface for key management systems (AWS KMS, Azure Key Vault, etc.).
///
/// Implementors must be `Send + Sync + Debug`. The three asynchronous methods
/// return pinned, boxed `Send` futures; the `'async_trait` lifetime names
/// suggest this is the expanded form of `#[async_trait]` methods (presumably;
/// confirm against the crate source).
///
/// NOTE(review): because `Debug` is a supertrait, every implementation has a
/// `Debug` representation that may reach logs. Verify that implementations do
/// not print credentials or key material there.
pub trait KeyManagementClient:
Send
+ Sync
+ Debug {
// Required methods
/// Wrap (encrypt) `key` using the KMS-managed wrapping key named by
/// `wrapping_key_id`.
///
/// `key` is the plaintext key material, passed as a borrowed slice, so the
/// caller keeps ownership of that buffer and remains responsible for
/// clearing it. On success the future resolves to the wrapped key bytes.
///
/// # Errors
///
/// Resolves to `Err` on failure; the error type behind the `Result` alias
/// is not visible in this listing.
fn wrap_key<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
key: &'life1 [u8],
wrapping_key_id: &'life2 str,
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait;
/// Unwrap (decrypt) a previously wrapped key using the wrapping key named
/// by `wrapping_key_id`.
///
/// On success the future resolves to the plaintext key as `SensitiveBytes`
/// rather than a plain `Vec<u8>`.
/// NOTE(review): `SensitiveBytes` is presumably a wrapper that protects
/// key material in memory and in debug output. Confirm against its
/// definition before relying on that.
///
/// # Errors
///
/// Resolves to `Err` on failure; the error type behind the `Result` alias
/// is not visible in this listing.
fn unwrap_key<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
wrapped_key: &'life1 [u8],
wrapping_key_id: &'life2 str,
) -> Pin<Box<dyn Future<Output = Result<SensitiveBytes>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait;
/// Whether this KMS supports server-side key generation.
///
/// This is a synchronous check. Callers should consult it before calling
/// `generate_key`.
fn supports_key_generation(&self) -> bool;
/// Generate a new key and wrap it atomically on the server side, under the
/// wrapping key named by `wrapping_key_id`.
///
/// Only supported when `supports_key_generation` returns `true`.
/// NOTE(review): presumably resolves to `Err` when generation is
/// unsupported. The signature does not say, so confirm per implementation.
/// The contents of `GeneratedKey` are not visible in this listing.
fn generate_key<'life0, 'life1, 'async_trait>(
&'life0 self,
wrapping_key_id: &'life1 str,
) -> Pin<Box<dyn Future<Output = Result<GeneratedKey>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait;
}
Pluggable interface for key management systems (AWS KMS, Azure Key Vault, etc.).
Required Methods
fn wrap_key<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
key: &'life1 [u8],
wrapping_key_id: &'life2 str,
) -> Pin<Box<dyn Future<Output = Result<Vec<u8>>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
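Wrap (encrypt) a key using a wrapping key managed by the KMS. `key` is the plaintext key material to protect, `wrapping_key_id` names the KMS-held wrapping key, and the returned bytes are the wrapped key.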
fn unwrap_key<'life0, 'life1, 'life2, 'async_trait>(
&'life0 self,
wrapped_key: &'life1 [u8],
wrapping_key_id: &'life2 str,
) -> Pin<Box<dyn Future<Output = Result<SensitiveBytes>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
'life2: 'async_trait,
Unwrap (decrypt) a previously wrapped key. The plaintext key is returned as `SensitiveBytes` rather than a plain `Vec<u8>`.
fn supports_key_generation(&self) -> bool
Whether this KMS supports server-side key generation.
If `true`, callers can use `generate_key` to generate and wrap a key in a
single atomic operation, which is more secure than generating a key
locally and then wrapping it. Check this before calling `generate_key`.
fn generate_key<'life0, 'life1, 'async_trait>(
&'life0 self,
wrapping_key_id: &'life1 str,
) -> Pin<Box<dyn Future<Output = Result<GeneratedKey>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
Generate a new key and wrap it atomically on the server side.
This is only supported when `supports_key_generation`
returns `true`.