State Encryption Documentation and Partial Implementation (#1227)

Signed-off-by: StephanHCB <sbs_github_u43a@packetloss.de> Signed-off-by: Christian Mesh <christianmesh1@gmail.com> Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com> Signed-off-by: James Humphries <james@james-humphries.co.uk> Co-authored-by: StephanHCB <sbs_github_u43a@packetloss.de> Co-authored-by: Janos <86970079+janosdebugs@users.noreply.github.com> Co-authored-by: Christian Mesh <christianmesh1@gmail.com>
2025-12-25 10:00:44 -05:00 · 2024-02-16 14:59:19 +00:00
parent 7054dda96e
commit cbab4bee83
36 changed files with 3014 additions and 2 deletions
--- a/internal/encryption/keyprovider/keyprovider.go
+++ b/internal/encryption/keyprovider/keyprovider.go
@@ -0,0 +1,28 @@
+// Copyright (c) The OpenTofu Authors
+// SPDX-License-Identifier: MPL-2.0
+// Copyright (c) 2023 HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
+package keyprovider
+
+type Config interface {
+	Build() (KeyProvider, error)
+}
+
+type Descriptor interface {
+	// ID returns the unique identifier used when parsing HCL or JSON configs.
+	ID() ID
+
+	// ConfigStruct creates a new configuration struct pointer annotated with hcl tags. The Build() receiver on
+	// this struct must be able to build a KeyProvider from the configuration:
+	//
+	// Common errors:
+	// - Returning a struct without a pointer
+	// - Returning a non-struct
+	ConfigStruct() Config
+}
+
+type KeyProvider interface {
+	// Provide provides an encryption key. If the process fails, it returns an error.
+	Provide(metadata []byte) ([]byte, []byte, error)
+}