Sealed Secret
A secret is data that should only be readable by the intended parties. When a secret is sealed to an ACL of one or more enclave identities, the encrypted secret is only decryptable by enclaves whose identities match that ACL expectation.
SealingRootInformation
Represents information about a sealing root. This information is used by the program to instantiate the correct implementation of the SecretSealer interface.
SealedSecretHeader
Describes the purpose and intent of an already-sealed secret.
SealedSecret
A self-contained payload containing an encrypted secret and metadata describing how to decrypt and use the secret.
UnsealedSecret
A disassembled SealedSecret. It contains all information necessary to reseal the data.
SealingRootType
A type of sealing root.
Name | Description |
---|---|
LOCAL | Indicates that the secret is sealed to a machine-local (e.g., CPU-based) sealing root. |
REMOTE | Indicates that the secret is sealed to a remote-service-based sealing root (e.g., a secret-escrow service). |
AeadScheme
Name | Description |
---|---|
UNKNOWN_AEAD_SCHEME | |
AES128_GCM | |
AES256_GCM | |
AES128_GCM_SIV | |
AES256_GCM_SIV | |