Fact.Encryption.KEKProvider.Explicit (Fact v0.4.0)

View Source

A Fact.Encryption.KEKProvider that takes the KEK directly from the options.

This is the simplest provider — the caller supplies the key material when opening the database. Key sourcing (environment variables, vault clients, config files) is the caller's responsibility.

Examples

Fact.open("data/turtles",
  encryption: [
    kek_provider: Fact.Encryption.KEKProvider.Explicit,
    kek: System.fetch_env!("FACT_KEK") |> Base.decode64!()
  ]
)

Summary

Functions

fetch_kek(opts)

Fetches the KEK from the :kek option.

Functions

fetch_kek(opts)

(since 0.4.0) 
@spec fetch_kek(keyword()) :: {:ok, binary()} | {:error, term()}

Fetches the KEK from the :kek option.

Expects opts to contain a :kek key with a binary value of 16, 24, or 32 bytes (corresponding to AES-128, AES-192, or AES-256).