#kms #google #aws #envelope


KMS/AEAD envelope encryption for GCP/AWS KMS and Ring AEAD encryption

11 releases (5 breaking)

Uses new Rust 2021

0.6.0 Aug 7, 2022
0.5.0 Aug 7, 2022
0.4.3 Aug 5, 2022
0.4.0 Jul 31, 2022
0.1.0 Jul 22, 2022

#259 in Cryptography

Download history 54/week @ 2022-07-17 94/week @ 2022-07-24 121/week @ 2022-07-31 95/week @ 2022-08-07

364 downloads per month
Used in secret-vault


929 lines

Cargo tests and formatting security audit

KMS/AEAD envelope encryption for GCP/AWS KMS and Ring AEAD for Rust


  • Able to encode using default/current session key (DEK) or receiving it as a parameter
  • Manual rotation of default/current session key (DEK) or automatic key generation for each of the request
  • Provides a public and simple implementation for Ring based AEAD encryption without using KMS.
  • Opt-in for KMS based secure random generator for GCP and AWS instead of Ring.

Available KMS providers:

  • Google Cloud Platform KMS
  • Amazon Web Services KMS

Quick start


kms-aead = { version = "0.6", features=["..."] }

See security consideration below about versioning.

Available optional features for Secret Vault:

  • gcp-kms-encryption for Google KMS envelope encryption support
  • aws-kms-encryption for Amazon KMS envelope encryption support
  • ring-aead-encryption using API for Ring AEAD only without any KMS envelope encryption

All examples available at examples directory.

GCP/AWS secure random generators

To use GCP/AWS KMS API for secure random generator you should enable it using options.

For AWS:


For GCP:


Security considerations and risks


Open source code is created through voluntary collaboration of software developers. The original authors license the code so that anyone can see it, modify it, and distribute new versions of it. You should manage all OSS using the same procedures and tools that you use for commercial products. As always, train your employees on cyber security best practices that can help them securely use and manage software products. You should not solely rely on individuals, especially on the projects like this reading sensitive information.


Please don't use broad version dependency management not to include a new version of dependency automatically without auditing the changes.

Security implementation details and recommendations

The library uses random 96 bit nonces and ChaCha20-Poly1305 algorithm by default. Depends on your security requirements to avoid nonce collisions it is recommended to either rotate random DEK frequently using rotate_current_key or even use a new random DEK per encryption using encrypt_value_with_new_key.


Apache Software License (ASL)


Abdulla Abdurakhmanov


~401K SLoC