chore: update client for 0.27

tobyhede · tobyhede · commit 0c29f40e1295 · 2025-08-26T12:11:57.000+10:00
diff --git a/src/crypto/attrs/flattened_encrypted_attributes.rs b/src/crypto/attrs/flattened_encrypted_attributes.rs
@@ -41,7 +41,7 @@ impl FlattenedEncryptedAttributes {
             .collect_vec();
 
         cipher
-            .decrypt(self.attrs.into_iter())
+            .decrypt(self.attrs.into_iter(), None, None, None)
             .await
             .map(|records| {
                 records
diff --git a/src/encrypted_table/mod.rs b/src/encrypted_table/mod.rs
@@ -20,10 +20,12 @@ use aws_sdk_dynamodb::types::{AttributeValue, Delete, Put, TransactWriteItem};
 use cipherstash_client::{
     config::{
         console_config::ConsoleConfig, cts_config::CtsConfig, zero_kms_config::ZeroKMSConfig,
+        EnvSource,
     },
-    credentials::{auto_refresh::AutoRefresh, service_credentials::ServiceCredentials},
+    credentials::{auto_refresh::AutoRefresh, ServiceCredentials},
     encryption::ScopedCipher,
-    zerokms::{ClientKey, ZeroKMS, ZeroKMSWithClientKey},
+    zerokms::{ClientKey, ZeroKMSWithClientKey},
+    IdentifiedBy,
 };
 use log::info;
 use std::{
@@ -73,7 +75,7 @@ impl EncryptedTable<Headless> {
 
         let zerokms_config = ZeroKMSConfig::builder()
             .decryption_log(true)
-            .with_env()
+            .add_source(EnvSource::default())
             .console_config(&console_config)
             .cts_config(&cts_config)
             .build_with_client_key()?;
@@ -86,12 +88,8 @@ impl EncryptedTable<Headless> {
     ) -> Result<Self, InitError> {
         info!("Initializing...");
 
-        let cipher = ZeroKMS::new_with_client_key(
-            &zerokms_config.base_url(),
-            AutoRefresh::new(zerokms_config.credentials()),
-            zerokms_config.decryption_log_path().as_deref(),
-            zerokms_config.client_key(),
-        );
+        let cipher = zerokms_config
+            .create_client_with_credentials(AutoRefresh::new(zerokms_config.credentials()));
 
         info!("Ready!");
 
@@ -312,7 +310,8 @@ impl<D> EncryptedTable<D> {
         delete: PreparedDelete,
         dataset_id: Option<DatasetId>,
     ) -> Result<DynamoRecordPatch, DeleteError> {
-        let scoped_cipher = ScopedZeroKmsCipher::init(self.cipher.clone(), dataset_id).await?;
+        let keyset_id = dataset_id.map(|id| IdentifiedBy::Uuid(id));
+        let scoped_cipher = ScopedZeroKmsCipher::init(self.cipher.clone(), keyset_id).await?;
 
         let PrimaryKeyParts { pk, sk } =
             encrypt_primary_key_parts(&scoped_cipher, delete.primary_key)?;
@@ -352,7 +351,8 @@ impl<D> EncryptedTable<D> {
     ) -> Result<DynamoRecordPatch, PutError> {
         let mut seen_sk = HashSet::new();
 
-        let indexable_cipher = ScopedZeroKmsCipher::init(self.cipher.clone(), dataset_id).await?;
+        let keyset_id = dataset_id.map(|id| IdentifiedBy::Uuid(id));
+        let indexable_cipher = ScopedZeroKmsCipher::init(self.cipher.clone(), keyset_id).await?;
 
         let PreparedRecord {
             protected_attributes,
@@ -463,7 +463,8 @@ impl EncryptedTable<Dynamo> {
     where
         T: Decryptable + Identifiable,
     {
-        let cipher = ScopedZeroKmsCipher::init(self.cipher.clone(), dataset_id).await?;
+        let keyset_id = dataset_id.map(|id| IdentifiedBy::Uuid(id));
+        let cipher = ScopedZeroKmsCipher::init(self.cipher.clone(), keyset_id).await?;
 
         let PrimaryKeyParts { pk, sk } =
             encrypt_primary_key_parts(&cipher, PreparedPrimaryKey::new::<T>(k))?;
diff --git a/src/encrypted_table/query.rs b/src/encrypted_table/query.rs
@@ -1,7 +1,10 @@
 use aws_sdk_dynamodb::{primitives::Blob, types::AttributeValue};
-use cipherstash_client::encryption::{
-    compound_indexer::{ComposableIndex, ComposablePlaintext},
-    Plaintext,
+use cipherstash_client::{
+    encryption::{
+        compound_indexer::{ComposableIndex, ComposablePlaintext},
+        Plaintext,
+    },
+    IdentifiedBy,
 };
 use itertools::Itertools;
 use std::{borrow::Cow, collections::HashMap, marker::PhantomData};
@@ -151,8 +154,10 @@ where
     where
         T: Decryptable + Identifiable,
     {
+        let keyset_id = self.dataset_id.map(|id| IdentifiedBy::Uuid(id));
+
         let scoped_cipher =
-            ScopedZeroKmsCipher::init(self.storage.cipher.clone(), self.dataset_id).await?;
+            ScopedZeroKmsCipher::init(self.storage.cipher.clone(), keyset_id).await?;
 
         let storage = self.storage;
         let query = self.build()?;
diff --git a/src/traits/mod.rs b/src/traits/mod.rs
@@ -2,7 +2,7 @@ use crate::crypto::{SealError, Unsealed};
 pub use crate::encrypted_table::{TableAttribute, TryFromTableAttr};
 use cipherstash_client::encryption::EncryptionError;
 pub use cipherstash_client::{
-    credentials::{service_credentials::ServiceToken, Credentials},
+    credentials::{Credentials, ServiceToken},
     encryption::{
         compound_indexer::{
             ComposableIndex, ComposablePlaintext, CompoundIndex, ExactIndex, PrefixIndex,
