package encryptionpb

Get desktop application:
View/edit binary Protocol Buffers messages

Used in: MasterKeyKms

• string access_key = 1

• string secret_access_key = 2

Used in: MasterKeyKms

• string tenant_id = 1

• string client_id = 2

• string client_secret = 3

• string key_vault_url = 4

  Key vault to encrypt/decrypt data key.

• string hsm_name = 5

  optional hsm used to generate data key

• string hsm_url = 6

• string client_certificate = 7

• string client_certificate_path = 8

• string client_certificate_password = 9

The key used to encrypt the user data.

Used in: KeyDictionary, raft_serverpb.TabletSnapshotFileChunk

• bytes key = 1

  A sequence of secret bytes used to encrypt data.

• EncryptionMethod method = 2

  Method of encryption algorithm used to encrypted data.

• uint64 creation_time = 3

  Creation time of the key.

• bool was_exposed = 4

  A flag for the key have ever been exposed.

Used in: MasterKeyBased

• map<string, bytes> metadata = 1

  Metadata of the encrypted content. Eg. IV, method and KMS key ID It is preferred to define new fields for extra metadata than using this metadata map.

• bytes content = 2

  Encrypted content.

• optional MasterKey master_key = 3

  Master key used to encrypt the content.

• bytes iv = 4

  Initilization vector (IV) used.

• bytes ciphertext_key = 5

  Encrypted data key generated by KMS and used to actually encrypt data. Valid only when KMS is used.

General encryption metadata for any data type.

Used in: metapb.Region

• uint64 key_id = 1

  ID of the key used to encrypt the data.

• bytes iv = 2

  Initialization vector (IV) of the data.

Used in: backup.CipherInfo, backup.MasterKeyConfig, DataKey, FileEncryptionInfo, FileInfo

• UNKNOWN = 0

• PLAINTEXT = 1

• AES128_CTR = 2

• AES192_CTR = 3

• AES256_CTR = 4

• SM4_CTR = 5

• map<string, FileInfo> files = 1

  A map of file name to file info.

Used in: backup.DataFileInfo, import_sstpb.KVMeta

• oneof mode

  • PlainTextDataKey plain_text_data_key = 1

  • MasterKeyBased master_key_based = 2

• EncryptionMethod encryption_method = 3

  file encryption method

• bytes file_iv = 4

  iv to encrypt the file by data key

• bytes checksum = 5

  file checksum after encryption, optional if using GCM

Information about an encrypted file.

Used in: FileDictionary

• uint64 key_id = 1

  ID of the key used to encrypt the file.

• bytes iv = 2

  Initialization vector (IV) of the file.

• EncryptionMethod method = 3

  Method of encryption algorithm used to encrypted the file.

Used in: MasterKeyKms

• string credential = 1

• map<uint64, DataKey> keys = 1

  A map of key ID to dat key.

• uint64 current_key_id = 2

  ID of a key currently in use.

Master key config.

Used in: backup.MasterKeyConfig, EncryptedContent, import_sstpb.ApplyRequest

• oneof backend

  • MasterKeyPlaintext plaintext = 1

  • MasterKeyFile file = 2

  • MasterKeyKms kms = 3

Used in: FileEncryptionInfo

• repeated EncryptedContent data_key_encrypted_content = 1

  encrypted data key with metadata

MasterKeyFile is a master key backed by a file containing encryption key in human-readable hex format.

Used in: MasterKey

• string path = 1

  Local file path.

MasterKeyKms is a master key backed by KMS service that manages the encryption key, and provide API to encrypt and decrypt a data key, which is used to encrypt the content.

Used in: MasterKey

• string vendor = 1

  KMS vendor.

• string key_id = 2

  KMS key id.

• string region = 3

  KMS region.

• string endpoint = 4

  KMS endpoint. Normally not needed.

• optional AzureKms azure_kms = 5

  optional, used to set up azure master key backend

• optional GcpKms gcp_kms = 6

  optional, used to set up gcp master key backend

• optional AwsKms aws_kms = 7

  optional, used to set up aws master key backend

MasterKeyPlaintext indicates content is stored as plaintext.

Used in: MasterKey

(message has no fields)

not recommended in production. user needs to pass back the same data key for restore.

Used in: FileEncryptionInfo

(message has no fields)