credentials-0.0.2: Secure Credentials Storage and Distribution

Copyright(c) 2015-2016 Brendan Hay
LicenseMozilla Public License, v. 2.0.
MaintainerBrendan Hay <>
Portabilitynon-portable (GHC extensions)
Safe HaskellNone



Encryption and decryption of local data, by using a wrapped key mechanism and master keys stored in KMS.

See the Credentials module for usage information.



encrypt :: (MonadAWS m, Typeable m) => KeyId -> Context -> Name -> ByteString -> m Encrypted Source #

Encrypt a plaintext ByteString with the given master key and encryption context. The Name is used to annotate error messages.

The wrapped data encryption key, ciphertext, and HMAC SHA256 are returned if no error occurs.

decrypt :: MonadAWS m => Context -> Name -> Encrypted -> m ByteString Source #

Decrypt ciphertext using the given encryption context, and wrapped data encryption key. The HMAC SHA256 is recalculated and compared for message integrity. The Name is used to annotate error messages.

The resulting unencrypted plaintext ByteString is returned if no error occurs.