JsonEncryptor = Callable[[EncryptionContext, Json], Awaitable[Json]]| Name | Type | Description |
|---|---|---|
ctx* | unknown | Encryption context with model type, field name, and metadata |
data* | unknown | The plaintext JSON dictionary |
Handler for encrypting structured JSON data.
Note: Must be an async function. Encryption typically involves I/O operations (calling external KMS services), which should be async.
Used for encrypting structured data like metadata, context, kwargs, values, and other JSON-serializable fields across different model types.
Maps plaintext fields to encrypted fields. A practical approach:
Example:
Input: {"owner": "user123", "my.customer.org/email": "john@example.com", "tenant_id": "t-456"} Output: {"owner": "user123", "my.customer.org/email": "ENCRYPTED", "tenant_id": "t-456"}
Note: Encrypted field VALUES cannot be reliably searched, as most real-world encryption implementations use nonces (non-deterministic encryption). Only unencrypted fields can be used in search queries.