Add EncryptionKey enum for the key

avinassh · avinassh · commit 5da95cc1b44f · 2025-07-04T20:36:26.000+05:30
diff --git a/libsql/examples/encryption_sync.rs b/libsql/examples/encryption_sync.rs
@@ -1,6 +1,6 @@
 // Example of using offline writes with encryption
 
-use libsql::{params, Builder, EncryptionContext};
+use libsql::{params, Builder, EncryptionContext, EncryptionKey};
 
 #[tokio::main]
 async fn main() {
@@ -18,7 +18,7 @@ async fn main() {
     // Optional encryption key for the database, if provided.
     let encryption = if let Ok(key) = std::env::var("LIBSQL_ENCRYPTION_KEY") {
         Some(EncryptionContext {
-            key_32_bytes_base64_encoded: key.to_string(),
+            key: EncryptionKey::Base64Encoded(key),
         })
     } else {
         None
diff --git a/libsql/src/hrana/hyper.rs b/libsql/src/hrana/hyper.rs
@@ -68,10 +68,8 @@ impl HttpSender {
         }
 
         if let Some(remote_encryption) = &self.remote_encryption {
-            req_builder = req_builder.header(
-                "x-turso-encryption-key",
-                remote_encryption.key_32_bytes_base64_encoded.as_str(),
-            );
+            req_builder =
+                req_builder.header("x-turso-encryption-key", remote_encryption.key.as_string());
         }
 
         let req = req_builder
diff --git a/libsql/src/lib.rs b/libsql/src/lib.rs
@@ -133,6 +133,7 @@ cfg_sync! {
     mod sync;
     pub use database::SyncProtocol;
     pub use sync::EncryptionContext;
+    pub use sync::EncryptionKey;
 }
 
 cfg_replication! {
diff --git a/libsql/src/sync.rs b/libsql/src/sync.rs
@@ -1,11 +1,12 @@
 use crate::{local::Connection, util::ConnectorService, Error, Result};
 
-use std::path::Path;
-
+use base64::engine::general_purpose;
+use base64::Engine;
 use bytes::Bytes;
 use chrono::Utc;
 use http::{HeaderValue, StatusCode};
 use hyper::Body;
+use std::path::Path;
 use tokio::io::AsyncWriteExt as _;
 use uuid::Uuid;
 
@@ -118,10 +119,27 @@ struct PushFramesResult {
     baton: Option<String>,
 }
 
+#[derive(Debug, Clone)]
+pub enum EncryptionKey {
+    /// The key is a base64-encoded string.
+    Base64Encoded(String),
+    /// The key is a byte array.
+    Bytes(Vec<u8>),
+}
+
+impl EncryptionKey {
+    pub fn as_string(&self) -> String {
+        match self {
+            EncryptionKey::Base64Encoded(s) => s.clone(),
+            EncryptionKey::Bytes(b) => general_purpose::STANDARD.encode(b),
+        }
+    }
+}
+
 #[derive(Debug, Clone)]
 pub struct EncryptionContext {
     /// The base64-encoded key for the encryption, sent on every request.
-    pub key_32_bytes_base64_encoded: String,
+    pub key: EncryptionKey,
 }
 
 pub struct SyncContext {
@@ -314,10 +332,7 @@ impl SyncContext {
             }
 
             if let Some(remote_encryption) = &self.remote_encryption {
-                req = req.header(
-                    "x-turso-encryption-key",
-                    remote_encryption.key_32_bytes_base64_encoded.as_str(),
-                );
+                req = req.header("x-turso-encryption-key", remote_encryption.key.as_string());
             }
 
             let req = req.body(body.clone().into()).expect("valid body");
@@ -432,10 +447,7 @@ impl SyncContext {
             }
 
             if let Some(remote_encryption) = &self.remote_encryption {
-                req = req.header(
-                    "x-turso-encryption-key",
-                    remote_encryption.key_32_bytes_base64_encoded.as_str(),
-                );
+                req = req.header("x-turso-encryption-key", remote_encryption.key.as_string());
             }
 
             let req = req.body(Body::empty()).expect("valid request");
@@ -602,10 +614,7 @@ impl SyncContext {
         }
 
         if let Some(remote_encryption) = &self.remote_encryption {
-            req = req.header(
-                "x-turso-encryption-key",
-                remote_encryption.key_32_bytes_base64_encoded.as_str(),
-            );
+            req = req.header("x-turso-encryption-key", remote_encryption.key.as_string());
         }
 
         let req = req.body(Body::empty()).expect("valid request");
@@ -705,10 +714,7 @@ impl SyncContext {
         }
 
         if let Some(remote_encryption) = &self.remote_encryption {
-            req = req.header(
-                "x-turso-encryption-key",
-                remote_encryption.key_32_bytes_base64_encoded.as_str(),
-            );
+            req = req.header("x-turso-encryption-key", remote_encryption.key.as_string());
         }
 
         let req = req.body(Body::empty()).expect("valid request");

Original file line number	Diff line number	Diff line change
`@@ -68,10 +68,8 @@ impl HttpSender {`
`68`	`68`	`}`
`69`	`69`
`70`	`70`	`if let Some(remote_encryption) = &self.remote_encryption {`
`71`		`- req_builder = req_builder.header(`
`72`		`- "x-turso-encryption-key",`
`73`		`- remote_encryption.key_32_bytes_base64_encoded.as_str(),`
`74`		`- );`
	`71`	`+ req_builder =`
	`72`	`+ req_builder.header("x-turso-encryption-key", remote_encryption.key.as_string());`
`75`	`73`	`}`
`76`	`74`
`77`	`75`	`let req = req_builder`
Original file line number	Diff line number	Diff line change
`@@ -133,6 +133,7 @@ cfg_sync! {`
`133`	`133`	`mod sync;`
`134`	`134`	`pub use database::SyncProtocol;`
`135`	`135`	`pub use sync::EncryptionContext;`
	`136`	`+ pub use sync::EncryptionKey;`
`136`	`137`	`}`
`137`	`138`
`138`	`139`	`cfg_replication! {`