Encrypted V1 implementation of Fact.Seam.FileWriter.

Encrypts the value before writing it to disk. Each file is written with a header containing a random nonce and authentication tag, followed by the ciphertext.

The file format is:

<<nonce::12-bytes, auth_tag::16-bytes, ciphertext::binary>>

The Data Encryption Key (DEK) is retrieved from Fact.KeyRing at write time.

Options

• :cipher - The cipher algorithm. Currently only :aes_gcm is supported. Defaults to :aes_gcm.
• :access - File access mode (:write or :append). Defaults to :write.
• :binary - Whether to open in binary mode. Defaults to true.
• :exclusive - Fail if the file already exists. Defaults to true.
• :raw - Use raw file descriptors. Defaults to false.
• :sync - Fsync after write. Defaults to false.
• :worm - Mark file read-only after write. Defaults to false.