learning_ai_common_plat/packages/field-encrypt/src/index.ts
saravanakumardb1 bb3f5385fc feat(field-encrypt): create @bytelyst/field-encrypt package with AES-256-GCM envelope encryption
- 10 source files: types, aes-gcm, 3 key providers (memory/env/akv), envelope, key-cache, dek-store, guards, migration, factory
- 42 Vitest tests: AES-GCM roundtrips, tamper detection, unicode, 100KB payloads, key providers, DEK cache TTL/LRU, envelope lifecycle, migration (dry-run + idempotent), config validation
- AKV MEK creation script (scripts/create-encryption-keys.sh) for 10 product MEKs
- .env.example updated with FIELD_ENCRYPT_* vars
2026-03-21 09:18:10 -07:00


/**
 * @bytelyst/field-encrypt
 *
 * Application-layer field encryption for the ByteLyst ecosystem.
 * AES-256-GCM with envelope encryption (MEK → DEK).
 *
 * This file is the package entry point. It holds no logic of its own and
 * only re-exports symbols from the sibling modules, so everything listed
 * below is public API surface of a cryptographic package.
 *
 * NOTE(review): the example below selects the 'memory' key provider, and the
 * key-provider section of this file is labelled "for direct use / testing".
 * Presumably a memory-held MEK does not survive a process restart, which
 * would leave previously encrypted fields undecryptable; confirm in
 * key-provider-memory.js and state which provider production should use.
 *
 * NOTE(review): the example passes the same { userId, context } to decrypt()
 * as to encrypt(). Whether that context is authenticated with the ciphertext
 * (e.g. as GCM additional data) or only selects the DEK is not visible from
 * this file; confirm in field-encryptor.js / envelope.js and document it.
 *
 * @example
 * ```typescript
 * import { createFieldEncryptor } from '@bytelyst/field-encrypt';
 *
 * const encryptor = createFieldEncryptor({
 *   keyProvider: 'memory', // 'akv' | 'env' | 'memory'
 * });
 *
 * const encrypted = await encryptor.encrypt('sensitive data', {
 *   userId: 'user_123',
 *   context: 'transcripts',
 * });
 *
 * const plaintext = await encryptor.decrypt(encrypted, {
 *   userId: 'user_123',
 *   context: 'transcripts',
 * });
 * ```
 */
// ── Main API ────────────────────────────────────────
// Preferred entry point: the factory and the encryptor class it relates to.
export { createFieldEncryptor, FieldEncryptor } from './field-encryptor.js';
// ── Type guards ─────────────────────────────────────
// NOTE(review): presumably a structural check on the value's shape only. It
// should not be read as proof that the ciphertext is authentic; only a
// successful decrypt (GCM tag verification) establishes that. Confirm in guards.js.
export { isEncryptedField } from './guards.js';
// ── Types ───────────────────────────────────────────
// Type-only re-exports; erased at compile time, no runtime effect.
export type {
EncryptedField,
WrappedDek,
FieldEncryptContext,
FieldEncryptorConfig,
KeyProvider,
KeyProviderType,
DekStore,
} from './types.js';
// ── Low-level (for custom integrations) ─────────────
// These primitives are exported alongside the high-level encryptor, so callers
// can use them without going through createFieldEncryptor().
// NOTE(review): AES-GCM is only safe if an IV is never reused under the same
// key. Confirm in aes-gcm.js that encryptField generates a fresh IV per call
// rather than accepting one from the caller, and that generateAesKey draws
// from a CSPRNG.
export { encryptField, decryptField, generateAesKey } from './aes-gcm.js';
// NOTE(review): rewrapAllDeks is presumably the MEK-rotation path (re-wrapping
// stored DEKs under a new MEK); confirm in envelope.js who is expected to call it.
export { buildDekId, getOrCreateDek, rewrapAllDeks } from './envelope.js';
// NOTE(review): a DEK cache presumably keeps unwrapped key material in process
// memory for its TTL; confirm eviction behaviour in key-cache.js.
export { DekCache } from './key-cache.js';
// NOTE(review): presumably an in-process DekStore with no persistence; verify
// in dek-store-memory.js before using it outside tests.
export { MemoryDekStore } from './dek-store-memory.js';
// ── Key providers (for direct use / testing) ────────
// One class per provider type named in the example ('memory' | 'env' | 'akv').
// NOTE(review): 'akv' presumably refers to Azure Key Vault; confirm in
// key-provider-akv.js.
export { MemoryKeyProvider } from './key-provider-memory.js';
export { EnvKeyProvider } from './key-provider-env.js';
export { AkvKeyProvider } from './key-provider-akv.js';
// ── Migration ───────────────────────────────────────
// NOTE(review): presumably encrypts existing plaintext documents in place;
// confirm dry-run and idempotency semantics in migration.js before running
// against production data.
export { migrateDocuments } from './migration.js';
export type { MigrationResult, MigrateDocumentsOptions } from './migration.js';