pd_cipher::keys::providers
Key storage and management provider implementations. Key provider abstractions for flexible key management.
This module provides a clean abstraction layer for key management, enabling support for multiple storage backends including in-memory, file system, cloud KMS, and hardware security modules.
Structs
KeyDerivationParams
Parameters for password-based key derivation.
pub struct KeyDerivationParams
KeyMetadata
Metadata associated with a stored key.
pub struct KeyMetadata
ProviderCapabilities
Capability flags for key provider implementations.
These flags indicate what features a specific provider supports, allowing applications to adapt their behavior accordingly.
pub struct ProviderCapabilities
Traits
KeyProvider
Abstraction for key management operations.
The KeyProvider trait enables pluggable key management backends,
allowing applications to choose between in-memory storage, file systems,
cloud KMS services, or hardware security modules based on their needs.
Security Model
Implementations must ensure:
- Keys are stored securely according to the backend's capabilities
- Access control is enforced at the provider level
- Key material is protected in transit and at rest
- Key operations are properly audit logged
Examples
In-Memory Provider
use pd_cipher::keys::providers::{KeyProvider, memory::InMemoryKeyProvider};
use pd_cipher::keys::{EncryptionAlgorithm, KeyGenerator};

fn example() -> pd_cipher::Result<()> {
    let mut provider = InMemoryKeyProvider::new();
    // Generate a fresh AES-256-GCM key and store it under the name "my-key".
    let key = KeyGenerator::generate_key(EncryptionAlgorithm::Aes256Gcm)?;
    let key_id = provider.store_key("my-key", key, None)?;
    // Load the key back using the id returned by store_key.
    let retrieved = provider.load_key(&key_id)?;
    Ok(())
}
File System Provider
use pd_cipher::keys::providers::{KeyProvider, filesystem::FileSystemKeyProvider};
use pd_cipher::keys::{EncryptionAlgorithm, KeyGenerator};
use std::path::Path;

fn example() -> pd_cipher::Result<()> {
    // The provider is rooted at the ./keys directory.
    let mut provider = FileSystemKeyProvider::new(Path::new("./keys"))?;
    // Generate an XChaCha20-Poly1305 key and store it with a description.
    let key = KeyGenerator::generate_key(EncryptionAlgorithm::XChaCha20Poly1305)?;
    let key_id = provider.store_key("production-key", key, Some("Main encryption key".to_string()))?;
    // Load the key back using the id returned by store_key.
    let retrieved = provider.load_key(&key_id)?;
    Ok(())
}
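The Security Model above asks for access control at the provider level and audit logging of key operations. One way to layer both over any backend is a wrapping provider, sketched here as an added example that is not pd_cipher code. MiniKeyProvider, MemProvider and Guarded are hypothetical stand-ins with simplified signatures (byte vectors and string errors), and the key ids and key bytes are constructed.

```rust
use std::cell::RefCell;
use std::collections::{HashMap, HashSet};

// Hypothetical reduced stand-in for store_key/load_key; not pd_cipher's real trait.
pub trait MiniKeyProvider {
    fn store_key(&mut self, name: &str, key: Vec<u8>) -> Result<String, String>;
    fn load_key(&self, key_id: &str) -> Result<Vec<u8>, String>;
}
// Toy backend (assumption): a plain map standing in for any storage backend.
pub struct MemProvider { pub keys: HashMap<String, Vec<u8>> }
impl MiniKeyProvider for MemProvider {
    fn store_key(&mut self, name: &str, key: Vec<u8>) -> Result<String, String> {
        self.keys.insert(name.to_string(), key);
        Ok(name.to_string())
    }
    fn load_key(&self, key_id: &str) -> Result<Vec<u8>, String> {
        self.keys.get(key_id).cloned().ok_or_else(|| "not found".to_string())
    }
}

// Decorator: checks an allow-list before touching the backend and records every
// attempt (operation, key id, outcome). Key bytes never enter the audit log.
pub struct Guarded<P> { inner: P, allowed: HashSet<String>, pub audit: RefCell<Vec<String>> }
impl<P: MiniKeyProvider> Guarded<P> {
    pub fn new(inner: P, allowed: &[&str]) -> Self {
        let allowed = allowed.iter().map(|s| s.to_string()).collect();
        Guarded { inner, allowed, audit: RefCell::new(Vec::new()) }
    }
    fn record<T>(&self, op: &str, id: &str, r: Result<T, String>) -> Result<T, String> {
        let outcome = match &r { Ok(_) => "ok".to_string(), Err(e) => format!("error: {}", e) };
        self.audit.borrow_mut().push(format!("{} {} {}", op, id, outcome));
        r
    }
}
impl<P: MiniKeyProvider> MiniKeyProvider for Guarded<P> {
    fn store_key(&mut self, name: &str, key: Vec<u8>) -> Result<String, String> {
        let r = if self.allowed.contains(name) { self.inner.store_key(name, key) } else { Err("denied".to_string()) };
        self.record("store", name, r)
    }
    fn load_key(&self, key_id: &str) -> Result<Vec<u8>, String> {
        let r = if self.allowed.contains(key_id) { self.inner.load_key(key_id) } else { Err("denied".to_string()) };
        self.record("load", key_id, r)
    }
}

fn main() {
    let mut p = Guarded::new(MemProvider { keys: HashMap::new() }, &["app-key"]);
    let _ = p.store_key("app-key", vec![0x42; 32]); // constructed key bytes
    let _ = p.load_key("root-key"); // not on the allow-list: denied, still logged
    println!("{:?}", p.audit.borrow());
}
```

Denied and failed attempts are logged alongside successful ones, so the audit trail shows probing for key ids as well as normal use.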
pub trait KeyProvider
AdvancedKeyProvider
Extended trait for providers that support additional capabilities.
pub trait AdvancedKeyProvider