Skip to main content

haste_encryption/
traits.rs

1use haste_fhir_operation_error::OperationOutcomeError;
2use std::{future::Future, pin::Pin};
3
4/// A secret's raw byte value. `Debug` is redacted so the value never
5/// ends up in logs or error messages by accident.
6pub struct Secret(Vec<u8>);
7
8impl Secret {
9    pub fn new(bytes: Vec<u8>) -> Self {
10        Self(bytes)
11    }
12
13    pub fn expose_bytes(&self) -> &[u8] {
14        &self.0
15    }
16}
17
18impl std::fmt::Debug for Secret {
19    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
20        f.write_str("Secret(REDACTED)")
21    }
22}
23
24/// Retrieves secret material (encryption keys, credentials, etc.) by name
25/// from a backing store, e.g. AWS Secrets Manager, GCP Secret Manager, or
26/// environment variables.
27pub trait SecretsProvider: Sync + Send {
28    fn get_secret<'a>(
29        &'a self,
30        name: &'a str,
31    ) -> Pin<Box<dyn Future<Output = Result<Secret, OperationOutcomeError>> + Send + 'a>>;
32}
33
34pub struct EncryptionResult {
35    pub nonce: Vec<u8>,
36    pub ciphertext: Vec<u8>,
37}
38
39/// Symmetric encryption/decryption of arbitrary byte payloads.
40pub trait Encryptor: Sync + Send {
41    fn encrypt(&self, plaintext: &[u8]) -> Result<EncryptionResult, OperationOutcomeError>;
42    fn decrypt(&self, ciphertext: &EncryptionResult) -> Result<Vec<u8>, OperationOutcomeError>;
43}