Raxol.Security.Encryption.EncryptedStorage (Raxol v2.0.1)

Provides transparent encryption for data at rest.

This module handles automatic encryption and decryption of sensitive data stored in files, databases, and caches. It integrates with the KeyManager for key management and rotation.

Features

  • Transparent encryption/decryption
  • Multiple storage backends (file, database, S3)
  • Compression before encryption
  • Integrity verification with HMAC
  • Streaming encryption for large files
  • Encrypted search capabilities
  • Automatic re-encryption on key rotation

Types

encryption_options()

@type encryption_options() :: %{
  optional(:compress) => boolean(),
  optional(:key_id) => String.t(),
  optional(:metadata) => map(),
  optional(:async) => boolean()
}

storage_backend()

@type storage_backend() :: :file | :database | :s3 | :memory

Functions

child_spec(init_arg)

Returns a specification to start this module under a supervisor.

See Supervisor.

delete(storage \\ __MODULE__, key, opts \\ %{})

Deletes encrypted data.

get_stats(storage \\ __MODULE__)

Gets storage statistics.

handle_manager_cast(msg, state)

Callback implementation for Raxol.Core.Behaviours.BaseManager.handle_manager_cast/2.

list(storage \\ __MODULE__, prefix \\ nil)

Lists all stored encrypted items.

reencrypt(storage \\ __MODULE__, key, new_key_id)

Re-encrypts data with a new key.

reencrypt_all(storage \\ __MODULE__, new_key_id)

Re-encrypts all data with new keys (key rotation).

retrieve(storage \\ __MODULE__, key, opts \\ %{})

Retrieves and decrypts data.

retrieve_file(storage \\ __MODULE__, encrypted_name, output_path, opts \\ %{})

Retrieves and decrypts a file.

search(storage \\ __MODULE__, query, opts \\ %{})

Searches encrypted data without decrypting (using encrypted indices).

start_link(init_opts \\ [])

store(storage \\ __MODULE__, key, data, opts \\ %{})

Stores data with automatic encryption.

store_file(storage \\ __MODULE__, file_path, encrypted_name, opts \\ %{})

Stores a file with encryption.