package
0.18.0
Repository: https://github.com/hashicorp/boundary.git
Documentation: pkg.go.dev

# Packages

No description provided by the author
No description provided by the author

# Functions

ListTablesSupportingRewrap lists all the table names registered with a rewrap function.
New creates a Kms using the provided reader and writer.
NewUsingReaderWriter creates a Kms using the provided reader and writer.
RegisterTableRewrapFn registers a function to be used to rewrap data in a specific table with a new key.
TestKms creates a kms for testing.
TestKmsDeleteAllKeys allows you to delete all the keys for testing.
TestKmsDeleteKeyPurpose allows you to delete a KeyPurpose for testing.
ValidDekPurposes returns the current list of valid DEK key purposes.
WithBsrWrapper sets the external Bsr wrapper for a KMS.
WithKeyId allows specifying a key ID that should be found in a scope's multiwrapper; if it is not found, keys will be refreshed.
WithLimit provides an option to provide a limit.
WithOrderByVersion provides an option to specify ordering by the CreateTime field.
WithRandomReader(...) option allows an optional random reader to be provided.
WithReaderWriter allows the caller to pass an inflight transaction to be used for all database operations.
WithRecoveryWrapper sets the recovery wrapper for a given scope.
WithRewrap allows for optionally specifying that the keys should be rewrapped.
WithRootWrapper sets the external root wrapper for a given scope.
WithScopeIds allows specifying optional scope ids.
WithWorkerAuthStorageWrapper sets the external pki worker storage wrapper for a given scope.
WithWorkerAuthWrapper sets the external worker authentication wrapper for a given scope.

# Constants

KeyPurposeAudit is used for audit operations.
KeyPurpose is used for wrapping BSR keys.
KeyPurposeDatabase is used for general encryption needs for most values in the database, excluding the oplog.
KeyPurposeOidc is used for encrypting oidc states included in authentication URLs.
KeyPurposeOplog is used for oplogs.
KeyPurposeRecovery is used for recovery access.
KeyPurposeRootKey is used as the root key.
KeyPurposeSessions is used as a base key to derive session-specific encryption keys.
KeyPurposeTokens is used for token encryption.
KeyPurposeUnknown is the default, and indicates that a correct purpose wasn't specified.
KeyPurposeWorkerAuth is used for worker auth.
KeyPurposeWorkerAuthStorage is used for worker credential storage.

# Structs

DataKeyVersionDestructionJob is used to read and write data key version destruction jobs in the DB.
DataKeyVersionDestructionJobProgress is used to read data key version destruction job progress from the DB.
DataKeyVersionDestructionJobRun is used to read and write data key version destruction job runs in the DB.
DataKeyVersionDestructionJobRunAllowedTableName is used to read the names of tables that reference the data key version.
ExternalWrappers holds wrappers defined outside of Boundary, e.g.
Kms is a way to access wrappers for a given scope and purpose.
MockGetWrapperer provides a mock for returning a set of mock values for a GetWrapperer.
MockWrapper provides a mock for returning a set of mock values for a Wrapper.

# Interfaces

GetWrapperer defines (and constrains) the kms features required by the RewrapFn.

# Type aliases

KeyPurpose allows an application to specify the reason it needs a key; this is used to select which DEK to return.
Option - how Options are passed as arguments.
No description provided by the author