Decorator that encrypts log data before writing. More...

#include <encrypted_writer.h>

Inheritance diagram for kcenon::logger::encrypted_writer:

Collaboration diagram for kcenon::logger::encrypted_writer:

Public Member Functions
	encrypted_writer (std::unique_ptr< log_writer_interface > wrapped, encryption_config config)
	Construct encrypted writer with wrapped writer.

	~encrypted_writer () override
	Destructor - securely cleans up key material.

	encrypted_writer (const encrypted_writer &)=delete

encrypted_writer &	operator= (const encrypted_writer &)=delete

	encrypted_writer (encrypted_writer &&)=delete

encrypted_writer &	operator= (encrypted_writer &&)=delete

common::VoidResult	write (const log_entry &entry) override
	Write encrypted log entry.

common::VoidResult	rotate_key (security::secure_key new_key)
	Rotate encryption key.

uint64_t	get_entries_encrypted () const
	Get encryption statistics.

std::chrono::system_clock::time_point	get_last_key_rotation () const
	Get time of last key rotation.

Public Member Functions inherited from kcenon::logger::decorator_writer_base
	decorator_writer_base (std::unique_ptr< log_writer_interface > wrapped, std::string_view decorator_name)
	Construct a decorator writer base.

	~decorator_writer_base () override=default
	Virtual destructor for proper cleanup.

	decorator_writer_base (const decorator_writer_base &)=delete

decorator_writer_base &	operator= (const decorator_writer_base &)=delete

	decorator_writer_base (decorator_writer_base &&) noexcept=default

decorator_writer_base &	operator= (decorator_writer_base &&) noexcept=default

common::VoidResult	flush () override
	Flush the wrapped writer.

std::string	get_name () const override
	Get the name of this writer.

bool	is_healthy () const override
	Check if the writer is healthy.

const log_writer_interface *	get_wrapped_writer () const noexcept
	Get the wrapped writer (const version)

Public Member Functions inherited from kcenon::logger::log_writer_interface
virtual	~log_writer_interface ()=default

virtual common::VoidResult	close ()
	Close the writer and release resources.

virtual auto	is_open () const -> bool
	Check if writer is open and ready.

Static Public Member Functions
static result< std::string >	decrypt_entry (const std::vector< uint8_t > &encrypted_data, const security::secure_key &key)
	Decrypt a single encrypted log entry.

Private Member Functions
common::VoidResult	encrypt_data (const std::string &plaintext, std::vector< uint8_t > &output)
	Encrypt plaintext using configured algorithm.

common::VoidResult	generate_iv (uint8_t *iv)
	Generate secure random IV.

bool	should_rotate_key () const
	Check if key rotation is needed.

common::VoidResult	auto_rotate_key_if_needed ()
	Perform automatic key rotation if configured.

Private Attributes
encryption_config	config_

std::mutex	write_mutex_

std::atomic< uint64_t >	entries_encrypted_ {0}

std::chrono::system_clock::time_point	last_key_rotation_

std::atomic< bool >	is_initialized_ {false}

Additional Inherited Members
Static Public Attributes inherited from kcenon::logger::decorator_writer_tag
static constexpr writer_category	category = writer_category::decorator

Protected Member Functions inherited from kcenon::logger::decorator_writer_base
log_writer_interface &	wrapped () noexcept
	Access the wrapped writer (non-const)

const log_writer_interface &	wrapped () const noexcept
	Access the wrapped writer (const)

const std::string &	decorator_name () const noexcept
	Get the decorator name.

Detailed Description

Decorator that encrypts log data before writing.

Wraps any log_writer_interface and transparently encrypts all log data using AES-256-GCM before passing to the wrapped writer. Provides:

Per-entry IV rotation for semantic security
Authenticated encryption to prevent tampering
Optional key rotation
Secure key cleanup on destruction

Thread safety: Thread-safe when wrapped writer is thread-safe.

Category: Decorator (wraps another writer to add encryption)

Since: 1.3.0; 1.4.0 Added decorator_writer_tag for category classification; 4.0.0 Refactored to use decorator_writer_base

Examples: decorator_usage.cpp.

Definition at line 188 of file encrypted_writer.h.

Constructor & Destructor Documentation

◆ encrypted_writer() [1/3]

kcenon::logger::encrypted_writer::encrypted_writer	(	std::unique_ptr< log_writer_interface >	wrapped,
		encryption_config	config )

explicit

Construct encrypted writer with wrapped writer.

Parameters

wrapped	Writer to wrap (encrypts before delegating)
config	Encryption configuration (moved)

Exceptions

std::invalid_argument	if wrapped is null or key is invalid
std::runtime_error	if initialization fails

Note: The wrapped writer receives log entries with encrypted message field. For binary file output, wrap a file_writer:
auto writer = std::make_unique<encrypted_writer>(

std::make_unique<file_writer>("secure.log.enc"),

std::move(config)

);

Since: 4.0.0

Definition at line 21 of file encrypted_writer.cpp.

  : decorator_writer_base(std::move(wrapped), "encrypted"),
    config_(std::move(config)),
    last_key_rotation_(std::chrono::system_clock::now())
{
    // Validate key size (AES-256 requires 32 bytes)
    if (config_.key.size() != 32) {
        throw std::invalid_argument(
            "Invalid key size: expected 32 bytes, got " +
            std::to_string(config_.key.size())
        );
    }
 
#ifdef LOGGER_HAS_OPENSSL_CRYPTO
    auto init_result = init_cipher_context();
    if (init_result.is_err()) {
        throw std::runtime_error(
            "Failed to initialize cipher context: " +
            get_logger_error_message(init_result)
        );
    }
#endif
 
    is_initialized_.store(true);
 
    // Log initialization to audit log
    security::audit_logger::log_audit_event(
        security::audit_logger::audit_event::encryption_key_loaded,
        "encrypted_writer initialized",
        {{"algorithm", std::to_string(static_cast<int>(config_.algorithm))},
         {"wrapped_writer", this->wrapped().get_name()}}
    );
}

References config_, kcenon::logger::security::audit_logger::encryption_key_loaded, is_initialized_, kcenon::logger::encryption_config::key, kcenon::logger::security::audit_logger::log_audit_event(), and kcenon::logger::security::secure_key::size().

Here is the call graph for this function:

◆ ~encrypted_writer()

kcenon::logger::encrypted_writer::~encrypted_writer ( )

override

Destructor - securely cleans up key material.

Definition at line 57 of file encrypted_writer.cpp.

                                    {
    is_initialized_.store(false);
 
#ifdef LOGGER_HAS_OPENSSL_CRYPTO
    cleanup_cipher_context();
#endif
 
    // Flush wrapped writer
    wrapped().flush();
}

◆ encrypted_writer() [2/3]

kcenon::logger::encrypted_writer::encrypted_writer ( const encrypted_writer & )

delete

◆ encrypted_writer() [3/3]

kcenon::logger::encrypted_writer::encrypted_writer ( encrypted_writer && )

delete

Member Function Documentation

◆ auto_rotate_key_if_needed()

common::VoidResult kcenon::logger::encrypted_writer::auto_rotate_key_if_needed ( )

private

Perform automatic key rotation if configured.

Returns: common::VoidResult Success or error code

Definition at line 452 of file encrypted_writer.cpp.

                                                             {
    if (!should_rotate_key()) {
        return common::ok();
    }
 
    // Generate new key
    auto key_result = security::secure_key_storage::generate_key(32);
    if (!key_result.has_value()) {
        return make_logger_void_result(
            key_result.error_code(),
            key_result.error_message()
        );
    }
 
    return rotate_key(std::move(key_result.value()));
}

References kcenon::logger::make_logger_void_result(), and kcenon::common::ok().

Here is the call graph for this function:

◆ decrypt_entry()

result< std::string > kcenon::logger::encrypted_writer::decrypt_entry	(	const std::vector< uint8_t > &	encrypted_data,
		const security::secure_key &	key )

static

Decrypt a single encrypted log entry.

Parameters

encrypted_data	Raw encrypted data including header
key	Decryption key

Returns: Result containing decrypted string or error

Note: Static utility method for log decryption tools

Definition at line 188 of file encrypted_writer.cpp.

  {
#ifdef LOGGER_HAS_OPENSSL_CRYPTO
    // Validate minimum size (header + at least 1 byte of data)
    if (encrypted_data.size() < sizeof(encrypted_log_header)) {
        return result<std::string>(
            logger_error_code::decryption_failed,
            "Encrypted data too small"
        );
    }
 
    // Parse header
    encrypted_log_header header;
    std::memcpy(&header, encrypted_data.data(), sizeof(header));
 
    // Validate magic number
    if (header.magic != encrypted_log_header::kMagic) {
        return result<std::string>(
            logger_error_code::decryption_failed,
            "Invalid magic number in encrypted data"
        );
    }
 
    // Validate version
    if (header.version != encrypted_log_header::kVersion) {
        return result<std::string>(
            logger_error_code::decryption_failed,
            "Unsupported encrypted log version"
        );
    }
 
    // Validate data length
    size_t expected_size = sizeof(header) + header.encrypted_length;
    if (encrypted_data.size() < expected_size) {
        return result<std::string>(
            logger_error_code::decryption_failed,
            "Encrypted data truncated"
        );
    }
 
    // Initialize decryption context
    EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
    if (!ctx) {
        return result<std::string>(
            logger_error_code::decryption_failed,
            "Failed to create cipher context"
        );
    }
 
    // Select cipher based on algorithm
    const EVP_CIPHER* cipher = nullptr;
    switch (static_cast<encryption_algorithm>(header.algorithm)) {
        case encryption_algorithm::aes_256_gcm:
            cipher = EVP_aes_256_gcm();
            break;
        case encryption_algorithm::aes_256_cbc:
            cipher = EVP_aes_256_cbc();
            break;
        case encryption_algorithm::chacha20_poly1305:
            cipher = EVP_chacha20_poly1305();
            break;
        default:
            EVP_CIPHER_CTX_free(ctx);
            return result<std::string>(
                logger_error_code::decryption_failed,
                "Unknown encryption algorithm"
            );
    }
 
    // Initialize decryption
    if (EVP_DecryptInit_ex(ctx, cipher, nullptr, nullptr, nullptr) != 1) {
        EVP_CIPHER_CTX_free(ctx);
        return result<std::string>(
            logger_error_code::decryption_failed,
            "Failed to initialize decryption"
        );
    }
 
    // Set IV length for GCM
    if (header.algorithm == static_cast<uint8_t>(encryption_algorithm::aes_256_gcm)) {
        if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, 16, nullptr) != 1) {
            EVP_CIPHER_CTX_free(ctx);
            return result<std::string>(
                logger_error_code::decryption_failed,
                "Failed to set IV length"
            );
        }
    }
 
    // Set key and IV
    if (EVP_DecryptInit_ex(ctx, nullptr, nullptr,
                          key.data().data(), header.iv.data()) != 1) {
        EVP_CIPHER_CTX_free(ctx);
        return result<std::string>(
            logger_error_code::decryption_failed,
            "Failed to set key and IV"
        );
    }
 
    // Set expected tag for GCM
    if (header.algorithm == static_cast<uint8_t>(encryption_algorithm::aes_256_gcm)) {
        if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16,
                               const_cast<uint8_t*>(header.tag.data())) != 1) {
            EVP_CIPHER_CTX_free(ctx);
            return result<std::string>(
                logger_error_code::decryption_failed,
                "Failed to set authentication tag"
            );
        }
    }
 
    // Decrypt data
    std::vector<uint8_t> plaintext(header.original_length + 16);
    int plaintext_len = 0;
 
    const uint8_t* ciphertext = encrypted_data.data() + sizeof(header);
    if (EVP_DecryptUpdate(ctx, plaintext.data(), &plaintext_len,
                         ciphertext, header.encrypted_length) != 1) {
        EVP_CIPHER_CTX_free(ctx);
        return result<std::string>(
            logger_error_code::decryption_failed,
            "Decryption failed"
        );
    }
 
    int final_len = 0;
    if (EVP_DecryptFinal_ex(ctx, plaintext.data() + plaintext_len, &final_len) != 1) {
        EVP_CIPHER_CTX_free(ctx);
        return result<std::string>(
            logger_error_code::decryption_failed,
            "Decryption finalization failed (authentication failure)"
        );
    }
 
    EVP_CIPHER_CTX_free(ctx);
 
    plaintext_len += final_len;
    return result<std::string>(std::string(
        reinterpret_cast<char*>(plaintext.data()),
        plaintext_len
    ));
#else
    return result<std::string>(
        logger_error_code::decryption_failed,
        "OpenSSL not available - decryption disabled"
    );
#endif
}

References kcenon::logger::encrypted_log_header::algorithm, kcenon::logger::security::secure_key::data(), kcenon::logger::encrypted_log_header::encrypted_length, kcenon::logger::encrypted_log_header::iv, kcenon::logger::encrypted_log_header::magic, kcenon::logger::encrypted_log_header::original_length, kcenon::logger::encrypted_log_header::tag, and kcenon::logger::encrypted_log_header::version.

Referenced by kcenon::logger::log_decryptor::decrypt_file_streaming().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ encrypt_data()

common::VoidResult kcenon::logger::encrypted_writer::encrypt_data	(	const std::string &	plaintext,
		std::vector< uint8_t > &	output )

private

Encrypt plaintext using configured algorithm.

Parameters

plaintext	Data to encrypt
output	Buffer to receive encrypted data with header

Returns: common::VoidResult Success or error code

Definition at line 339 of file encrypted_writer.cpp.

  {
#ifdef LOGGER_HAS_OPENSSL_CRYPTO
    // Generate IV
    uint8_t iv[16];
    auto iv_result = generate_iv(iv);
    if (iv_result.is_err()) {
        return iv_result;
    }
 
    // Prepare header
    encrypted_log_header header;
    header.algorithm = static_cast<uint8_t>(config_.algorithm);
    header.original_length = static_cast<uint32_t>(plaintext.size());
    std::memcpy(header.iv.data(), iv, encrypted_log_header::kIvSize);
 
    // Initialize encryption
    if (EVP_EncryptInit_ex(cipher_ctx_, nullptr, nullptr,
                          config_.key.data().data(), iv) != 1) {
        return make_logger_void_result(
            logger_error_code::encryption_failed,
            "Failed to initialize encryption"
        );
    }
 
    // Allocate output buffer (header + ciphertext + potential padding)
    size_t max_ciphertext_len = plaintext.size() + EVP_MAX_BLOCK_LENGTH;
    output.resize(sizeof(header) + max_ciphertext_len);
 
    // Encrypt
    int ciphertext_len = 0;
    if (EVP_EncryptUpdate(cipher_ctx_,
                         output.data() + sizeof(header),
                         &ciphertext_len,
                         reinterpret_cast<const uint8_t*>(plaintext.data()),
                         static_cast<int>(plaintext.size())) != 1) {
        return make_logger_void_result(
            logger_error_code::encryption_failed,
            "Encryption update failed"
        );
    }
 
    int final_len = 0;
    if (EVP_EncryptFinal_ex(cipher_ctx_,
                           output.data() + sizeof(header) + ciphertext_len,
                           &final_len) != 1) {
        return make_logger_void_result(
            logger_error_code::encryption_failed,
            "Encryption finalization failed"
        );
    }
 
    ciphertext_len += final_len;
    header.encrypted_length = static_cast<uint32_t>(ciphertext_len);
 
    // Get authentication tag for GCM
    if (config_.algorithm == encryption_algorithm::aes_256_gcm) {
        if (EVP_CIPHER_CTX_ctrl(cipher_ctx_, EVP_CTRL_GCM_GET_TAG,
                               encrypted_log_header::kTagSize, header.tag.data()) != 1) {
            return make_logger_void_result(
                logger_error_code::encryption_failed,
                "Failed to get authentication tag"
            );
        }
    }
 
    // Copy header to output
    std::memcpy(output.data(), &header, sizeof(header));
 
    // Resize to actual size
    output.resize(sizeof(header) + ciphertext_len);
 
    return common::ok();
#else
    return make_logger_void_result(
        logger_error_code::encryption_failed,
        "OpenSSL not available - encryption disabled"
    );
#endif
}

References kcenon::logger::encrypted_log_header::algorithm, kcenon::logger::encrypted_log_header::encrypted_length, kcenon::logger::encrypted_log_header::iv, kcenon::logger::make_logger_void_result(), kcenon::common::ok(), kcenon::logger::encrypted_log_header::original_length, and kcenon::logger::encrypted_log_header::tag.

Here is the call graph for this function:

◆ generate_iv()

common::VoidResult kcenon::logger::encrypted_writer::generate_iv ( uint8_t * iv )

private

Generate secure random IV.

Parameters

iv	Buffer to receive IV (must be 16 bytes)

Returns: common::VoidResult Success or error code

Definition at line 422 of file encrypted_writer.cpp.

                                                          {
#ifdef LOGGER_HAS_OPENSSL_CRYPTO
    if (RAND_bytes(iv, 16) != 1) {
        return make_logger_void_result(
            logger_error_code::encryption_failed,
            "Failed to generate random IV"
        );
    }
    return common::ok();
#else
    return make_logger_void_result(
        logger_error_code::encryption_failed,
        "OpenSSL not available"
    );
#endif
}

References kcenon::logger::make_logger_void_result(), and kcenon::common::ok().

Here is the call graph for this function:

◆ get_entries_encrypted()

uint64_t kcenon::logger::encrypted_writer::get_entries_encrypted ( ) const

Get encryption statistics.

Returns: Number of log entries encrypted since creation

Definition at line 180 of file encrypted_writer.cpp.

                                                       {
    return entries_encrypted_.load();
}

◆ get_last_key_rotation()

std::chrono::system_clock::time_point kcenon::logger::encrypted_writer::get_last_key_rotation ( ) const

Get time of last key rotation.

Returns: Timestamp of last key rotation (or construction time)

Definition at line 184 of file encrypted_writer.cpp.

                                                                              {
    return last_key_rotation_;
}

◆ operator=() [1/2]

encrypted_writer & kcenon::logger::encrypted_writer::operator= ( const encrypted_writer & )

delete

◆ operator=() [2/2]

encrypted_writer & kcenon::logger::encrypted_writer::operator= ( encrypted_writer && )

delete

◆ rotate_key()

common::VoidResult kcenon::logger::encrypted_writer::rotate_key ( security::secure_key new_key )

Rotate encryption key.

Parameters

new_key New key to use (moved)

Returns: common::VoidResult Success or error code

Safely rotates the encryption key:

Validates new key
Flushes pending writes
Swaps key atomically
Securely clears old key
Optionally logs to audit log

Definition at line 140 of file encrypted_writer.cpp.

                                                                        {
    // Validate new key
    if (new_key.size() != 32) {
        return make_logger_void_result(
            logger_error_code::invalid_key_size,
            "New key must be 32 bytes for AES-256"
        );
    }
 
    std::lock_guard lock(write_mutex_);
 
    // Flush pending writes with old key
    wrapped().flush();
 
    // Swap keys (old key is securely cleared by secure_key destructor)
    config_.key = std::move(new_key);
    last_key_rotation_ = std::chrono::system_clock::now();
 
    // Save new key if path is configured
    if (!config_.key_rotation_path.empty()) {
        auto save_result = security::secure_key_storage::save_key(
            config_.key,
            config_.key_rotation_path,
            config_.key_storage_base
        );
        if (save_result.is_err()) {
            return save_result;
        }
    }
 
    // Log key rotation
    security::audit_logger::log_audit_event(
        security::audit_logger::audit_event::encryption_key_rotated,
        "Encryption key rotated",
        {{"entries_encrypted", std::to_string(entries_encrypted_.load())}}
    );
 
    return common::ok();
}

References kcenon::logger::make_logger_void_result(), kcenon::common::ok(), and kcenon::logger::security::secure_key::size().

Here is the call graph for this function:

◆ should_rotate_key()

bool kcenon::logger::encrypted_writer::should_rotate_key ( ) const

private

Check if key rotation is needed.

Returns: true if rotation interval has elapsed

Definition at line 439 of file encrypted_writer.cpp.

                                               {
    if (!config_.key_rotation_interval.has_value()) {
        return false;
    }
 
    auto now = std::chrono::system_clock::now();
    auto elapsed = std::chrono::duration_cast<std::chrono::hours>(
        now - last_key_rotation_
    );
 
    return elapsed >= config_.key_rotation_interval.value();
}

◆ write()

common::VoidResult kcenon::logger::encrypted_writer::write ( const log_entry & entry )

overridevirtual

Write encrypted log entry.

Parameters

entry The log entry to write

Returns: common::VoidResult Success or error code

Since: 3.5.0 Changed to use log_entry directly

Implements kcenon::logger::decorator_writer_base.

Definition at line 68 of file encrypted_writer.cpp.

                                                               {
    if (!is_initialized_.load()) {
        return make_logger_void_result(
            logger_error_code::encryption_failed,
            "encrypted_writer not initialized"
        );
    }
 
    // Check for automatic key rotation
    auto rotate_result = auto_rotate_key_if_needed();
    if (rotate_result.is_err()) {
        // Log rotation failure but continue with current key
        security::audit_logger::log_audit_event(
            security::audit_logger::audit_event::suspicious_activity,
            "Key rotation failed",
            {{"error", get_logger_error_message(rotate_result)}}
        );
    }
 
    // Format the log entry first
    std::ostringstream oss;
    auto time_t_val = std::chrono::system_clock::to_time_t(entry.timestamp);
    std::tm tm_val;
#ifdef _WIN32
    localtime_s(&tm_val, &time_t_val);
#else
    localtime_r(&time_t_val, &tm_val);
#endif
 
    // Convert log_level from logger_system to common::interfaces
    auto level = static_cast<common::interfaces::log_level>(static_cast<int>(entry.level));
 
    oss << std::put_time(&tm_val, "%Y-%m-%dT%H:%M:%S")
        << " [" << static_cast<int>(level) << "] "
        << entry.message.to_string();
 
    if (entry.location) {
        std::string file = entry.location->file.to_string();
        std::string function = entry.location->function.to_string();
        if (!file.empty()) {
            oss << " (" << file << ":" << entry.location->line << " " << function << ")";
        }
    }
 
    std::string plaintext = oss.str();
 
    // Encrypt the formatted log entry
    std::vector<uint8_t> encrypted_data;
    {
        std::lock_guard lock(write_mutex_);
        auto encrypt_result = encrypt_data(plaintext, encrypted_data);
        if (encrypt_result.is_err()) {
            return encrypt_result;
        }
    }
 
    // Create encrypted log entry with binary data in message field
    std::string binary_data(
        reinterpret_cast<const char*>(encrypted_data.data()),
        encrypted_data.size()
    );
    log_entry encrypted_entry(level, binary_data, entry.timestamp);
 
    // Delegate to wrapped writer
    auto write_result = wrapped().write(encrypted_entry);
    if (write_result.is_ok()) {
        entries_encrypted_.fetch_add(1);
    }
    return write_result;
}

References kcenon::logger::get_logger_error_message(), kcenon::logger::log_entry::level, kcenon::logger::log_entry::location, kcenon::logger::make_logger_void_result(), kcenon::logger::log_entry::message, kcenon::logger::log_entry::timestamp, and kcenon::logger::small_string< SSO_SIZE >::to_string().

Here is the call graph for this function:

Member Data Documentation

◆ config_

encryption_config kcenon::logger::encrypted_writer::config_

private

Definition at line 315 of file encrypted_writer.h.

Referenced by encrypted_writer().

◆ entries_encrypted_

std::atomic<uint64_t> kcenon::logger::encrypted_writer::entries_encrypted_ {0}

private

Definition at line 318 of file encrypted_writer.h.

318{0};

◆ is_initialized_

std::atomic<bool> kcenon::logger::encrypted_writer::is_initialized_ {false}

private

Definition at line 320 of file encrypted_writer.h.

320{false};

Referenced by encrypted_writer().

◆ last_key_rotation_

std::chrono::system_clock::time_point kcenon::logger::encrypted_writer::last_key_rotation_

private

Definition at line 319 of file encrypted_writer.h.

◆ write_mutex_

std::mutex kcenon::logger::encrypted_writer::write_mutex_

mutableprivate

Definition at line 316 of file encrypted_writer.h.

The documentation for this class was generated from the following files:

include/kcenon/logger/writers/encrypted_writer.h
src/impl/writers/encrypted_writer.cpp

Public Member Functions

Static Public Member Functions

Private Member Functions

Private Attributes

Additional Inherited Members

Detailed Description

Constructor & Destructor Documentation

◆ encrypted_writer() [1/3]

◆ ~encrypted_writer()

◆ encrypted_writer() [2/3]

◆ encrypted_writer() [3/3]

Member Function Documentation

◆ auto_rotate_key_if_needed()

◆ decrypt_entry()

◆ encrypt_data()

◆ generate_iv()

◆ get_entries_encrypted()

◆ get_last_key_rotation()

◆ operator=() [1/2]

◆ operator=() [2/2]

◆ rotate_key()

◆ should_rotate_key()

◆ write()

Member Data Documentation

◆ config_

◆ entries_encrypted_

◆ is_initialized_

◆ last_key_rotation_

◆ write_mutex_