hello all,
Documentation on the go vault sdk/helpers is sparse.
I would really like to see documentation on when it’s appropriate to leverage sdk/helper/keysutil in plugin development.
Specifically, keysutil.Policy and keysutil.NewEncryptedKeyStorageWrapper.
I’ve read through a lot of the transit and kv engines, and it’s a bit difficult to follow.
It’s unclear why the kv metadata storage uses NewEncryptedKeyStorageWrapper, but the versioned data doesn’t and only has a backend config annotation for SealWrapStorage.
I’ve also posted this on Github.