You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Ah I see what you were saying now - that it would have been preferable to inject the fully constructed encryptor.
I think the way to decouple this would be to have a "subkey provider" which the DAL implements. Then you can pass in an encryptor builder, the DAL calls builder.Build(subkeyProvider) to construct the encryptor.
Fixes#2290
Follows #2312
Needs work: #2346#2348
> [!CAUTION]
> Will nuke logs and async columns!
- Uses KMS via tink `FTL_KMS_URI`, so `fake-kms://` or `aws-kms://` will
work. Omitting will not encrypt.
- Remove old plaintext keys envs.
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Matt Toohey <[email protected]>
Ah I see what you were saying now - that it would have been preferable to inject the fully constructed encryptor.
I think the way to decouple this would be to have a "subkey provider" which the DAL implements. Then you can pass in an encryptor builder, the DAL calls
builder.Build(subkeyProvider)
to construct the encryptor.LMK if that needs clarification.
Originally posted by @alecthomas in #2338 (comment)
The text was updated successfully, but these errors were encountered: