Options used to configure the encryption middleware.
The key used to encrypt and decrypt data. If you are rotating keys, you can
add fallbackDecryptionKeys to allow the middleware to decrypt data with
multiple keys.
This key will always be used to encrypt.
fallbackDecryptionKeys: string[]
If you are rotating keys, you can add fallbackDecryptionKeys to allow the
middleware to decrypt data with multiple keys.
None of these keys will be used for encryption.
decryptOnly: boolean
Puts the encryption middleware into a mode where it only decrypts data and does not encrypt it.
This is useful for adding the middleware to many services (or the same service with rolling deploys) before enabling encryption, so that all services are ready to decrypt data when it is encrypted.
It can also be used to slowly phase out E2E encryption so that it can be safely removed from services once no more data from current runs is encrypted.
encryptionService: EncryptionService
The encryption service used to encrypt and decrypt data. If not provided, a default encryption service will be used.
eventEncryptionField: string
The name of the top-level field of the event that will be encrypted.
By default, the top-level field named "encrypted" will be encrypted.
legacyV0Service: Omit<LEGACY_V0Service.Options, "key">
If set and enabled is `true, the encryption middleware will only encrypt
using the legacy V0 AES encryption service. This is useful for
transitioning all services to using the new encryption service before then
removing the flag and moving all encryption to LibSodium.
If you used a custom encryptionService beforehand, continue using that.