Interface: Envelope

Defined in: core/src/schema/crypto.ts:19

End-to-end encryption primitives for plasma columns marked as .encrypted(). The server sees only opaque envelopes and cannot recover the plaintext.

v0.1 posture:

  • AES-GCM-256 with a per-record random 96-bit nonce.
  • Data key derived from a caller-supplied DEK via HKDF-SHA256.
  • AAD binds the envelope to its (table, rowId, column, keyId) so a server can’t move a ciphertext across rows or columns without breaking the auth tag.
  • Key management is the caller’s problem — pass a DEK, we don’t persist it. Key rotation strategy is documented in ROADMAP.md.

The wire format is a small JSON object so it fits inside the existing change_log’s value payload without protocol changes.
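The posture above, as an added example using Node's built-in crypto module; it is not the project's code from core/src/schema/crypto.ts. The HKDF salt and info string, the JSON encoding of the AAD, the tag being appended to the ciphertext, and the names sealEnvelope, openEnvelope and demo are assumptions, since the page does not specify them.

```javascript
const { createCipheriv, createDecipheriv, hkdfSync, randomBytes } = require('node:crypto');

// Assumptions (not specified on the page): HKDF salt/info, AAD encoding, tag appended to ct.
const HKDF_INFO = 'example-envelope-key'; // hypothetical label
const TAG_LEN = 16;

// HKDF-SHA256 over the caller-supplied DEK, giving the 32-byte AES-256 data key.
const deriveKey = (dek) => Buffer.from(hkdfSync('sha256', dek, Buffer.alloc(0), HKDF_INFO, 32));

// A JSON array keeps field boundaries unambiguous ("ab","c" never equals "a","bc").
const aadFor = (c) => Buffer.from(JSON.stringify([c.table, c.rowId, c.column, c.keyId]));

function sealEnvelope(dek, ctx, plaintext) {
  const nonce = randomBytes(12); // fresh random 96-bit nonce per record
  const cipher = createCipheriv('aes-256-gcm', deriveKey(dek), nonce);
  cipher.setAAD(aadFor(ctx));
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const ct = Buffer.concat([body, cipher.getAuthTag()]).toString('base64');
  return { v: 1, alg: 'AES-GCM-256', keyId: ctx.keyId, nonce: nonce.toString('base64'), ct };
}

function openEnvelope(dek, ctx, env) {
  if (env.v !== 1 || env.alg !== 'AES-GCM-256') throw new Error('unsupported envelope');
  const nonce = Buffer.from(env.nonce, 'base64');
  const raw = Buffer.from(env.ct, 'base64');
  if (nonce.length !== 12 || raw.length < TAG_LEN) throw new Error('malformed envelope');
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(dek), nonce);
  // AAD comes from where the reader found the envelope, plus the envelope's keyId.
  decipher.setAAD(aadFor({ ...ctx, keyId: env.keyId }));
  decipher.setAuthTag(raw.subarray(raw.length - TAG_LEN));
  const body = decipher.update(raw.subarray(0, raw.length - TAG_LEN));
  // final() throws when the tag fails: wrong key, altered ct, or different AAD.
  return Buffer.concat([body, decipher.final()]).toString('utf8');
}

// Constructed sample: a server copies row r1's envelope into row r2.
function demo() {
  const dek = Buffer.alloc(32, 7); // constructed key, illustration only
  const ctx = { table: 'notes', rowId: 'r1', column: 'body', keyId: 'k1' };
  const env = sealEnvelope(dek, ctx, 'hello');
  let movedRejected = false;
  try { openEnvelope(dek, { ...ctx, rowId: 'r2' }, env); } catch { movedRejected = true; }
  return { roundTrip: openEnvelope(dek, ctx, env), movedRejected };
}
```

Because the reader rebuilds the AAD from the location it fetched the envelope from, a relocated or relabelled envelope fails tag verification instead of decrypting under the wrong row or column.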

readonly v: 1

Defined in: core/src/schema/crypto.ts:20


readonly alg: "AES-GCM-256"

Defined in: core/src/schema/crypto.ts:21


readonly keyId: string

Defined in: core/src/schema/crypto.ts:22


readonly nonce: string

Defined in: core/src/schema/crypto.ts:24

Base64 12-byte nonce.


readonly ct: string

Defined in: core/src/schema/crypto.ts:26

Base64 ciphertext + auth tag.