@noy-db/at-aws-kms 0.2.0-pre.4 → 0.2.0-pre.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts"],"sourcesContent":["/**\n * **@noy-db/at-aws-kms** — AWS KMS sealing key provider for noy-db\n * managed-passphrase mode (#188).\n *\n * An `at-*` provider that seals and unseals the hub-generated random\n * passphrase via AWS KMS Encrypt / Decrypt. Every seal and unseal is an\n * authenticated KMS API call, giving you a CloudTrail-backed access log of\n * every time a user's vault is opened — no additional instrumentation\n * required.\n *\n * ## When to use\n *\n * - Compliance regimes requiring auditable key access logs (FedRAMP, HIPAA\n * with managed-encryption requirements, SOC 2 Type II).\n * - Workloads already running on AWS where a KMS key costs less than\n * engineering an equivalent audit trail.\n * - Any case where you want automatic CMK rotation without rotating your\n * app's sealing key material manually.\n *\n * ## Setup\n *\n * ```bash\n * # 1. Create a KMS key (one-time, in your AWS console or CLI):\n * aws kms create-key --description \"noy-db sealing key\"\n * # Note the KeyId/ARN from the output.\n *\n * # 2. Grant the host's IAM role kms:Encrypt + kms:Decrypt on that key.\n * # Credentials are picked up automatically from the SDK's ambient chain\n * # (IAM role, ~/.aws/credentials, env vars — see AWS SDK docs).\n * ```\n *\n * ```ts\n * // 3. In your app:\n * import { createNoydb } from '@noy-db/hub'\n * import { awsKmsSealingProvider } from '@noy-db/at-aws-kms'\n * import { shamirRecoveryProvider } from '@noy-db/on-shamir'\n *\n * const db = await createNoydb({\n * store,\n * user: 'alice',\n * passphraseMode: 'managed',\n * sealingKey: awsKmsSealingProvider({ keyId: 'arn:aws:kms:us-east-1:123:key/abc' }),\n * shamirRecovery: shamirRecoveryProvider(),\n * })\n * ```\n *\n * @packageDocumentation\n */\n\nimport type { SealingKeyProvider } from '@noy-db/hub'\nimport {\n KMSClient,\n EncryptCommand,\n DecryptCommand,\n type EncryptCommandOutput,\n type DecryptCommandOutput,\n} from '@aws-sdk/client-kms'\n\n/** Options for {@link awsKmsSealingProvider}. */\nexport interface AwsKmsSealingProviderOptions {\n /** KMS key id or ARN (e.g. `arn:aws:kms:us-east-1:123:key/abc`). */\n readonly keyId: string\n /** Optional pre-built client (DI for tests). Default `new KMSClient({})` (ambient creds). */\n readonly client?: Pick<KMSClient, 'send'>\n}\n\n/**\n * Build a {@link SealingKeyProvider} backed by AWS KMS Encrypt / Decrypt.\n *\n * Credentials are resolved by the SDK's ambient chain — IAM instance roles,\n * environment variables, or `~/.aws/credentials`. Never pass raw credentials\n * in the options; inject a pre-configured client for non-default auth instead.\n *\n * @throws Error when KMS returns no ciphertext or no plaintext (guards\n * against unexpected SDK-response shapes).\n * Any KMS API error (AccessDenied, InvalidKeyUsage, etc.) propagates as-is.\n */\nexport function awsKmsSealingProvider(opts: AwsKmsSealingProviderOptions): SealingKeyProvider {\n const client = opts.client ?? new KMSClient({})\n return {\n id: `aws-kms:${opts.keyId}`,\n\n async seal(passphrase) {\n const out: EncryptCommandOutput = await client.send(\n new EncryptCommand({ KeyId: opts.keyId, Plaintext: passphrase }),\n )\n const blob = out.CiphertextBlob\n if (!blob) throw new Error('@noy-db/at-aws-kms: KMS Encrypt returned no CiphertextBlob')\n return blob instanceof Uint8Array ? blob : new Uint8Array(blob)\n },\n\n async unseal(sealed) {\n const out: DecryptCommandOutput = await client.send(\n new DecryptCommand({ CiphertextBlob: sealed, KeyId: opts.keyId }),\n )\n const pt = out.Plaintext\n if (!pt) throw new Error('@noy-db/at-aws-kms: KMS Decrypt returned no Plaintext')\n return pt instanceof Uint8Array ? pt : new Uint8Array(pt)\n },\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAkDA,wBAMO;AAqBA,SAAS,sBAAsB,MAAwD;AAC5F,QAAM,SAAS,KAAK,UAAU,IAAI,4BAAU,CAAC,CAAC;AAC9C,SAAO;AAAA,IACL,IAAI,WAAW,KAAK,KAAK;AAAA,IAEzB,MAAM,KAAK,YAAY;AACrB,YAAM,MAA4B,MAAM,OAAO;AAAA,QAC7C,IAAI,iCAAe,EAAE,OAAO,KAAK,OAAO,WAAW,WAAW,CAAC;AAAA,MACjE;AACA,YAAM,OAAO,IAAI;AACjB,UAAI,CAAC,KAAM,OAAM,IAAI,MAAM,4DAA4D;AACvF,aAAO,gBAAgB,aAAa,OAAO,IAAI,WAAW,IAAI;AAAA,IAChE;AAAA,IAEA,MAAM,OAAO,QAAQ;AACnB,YAAM,MAA4B,MAAM,OAAO;AAAA,QAC7C,IAAI,iCAAe,EAAE,gBAAgB,QAAQ,OAAO,KAAK,MAAM,CAAC;AAAA,MAClE;AACA,YAAM,KAAK,IAAI;AACf,UAAI,CAAC,GAAI,OAAM,IAAI,MAAM,uDAAuD;AAChF,aAAO,cAAc,aAAa,KAAK,IAAI,WAAW,EAAE;AAAA,IAC1D;AAAA,EACF;AACF;","names":[]}
1
+ {"version":3,"sources":["../src/index.ts"],"sourcesContent":["/**\n * **@noy-db/at-aws-kms** — AWS KMS sealing key provider for noy-db\n * managed-passphrase mode.\n *\n * An `at-*` provider that seals and unseals the hub-generated random\n * passphrase via AWS KMS Encrypt / Decrypt. Every seal and unseal is an\n * authenticated KMS API call, giving you a CloudTrail-backed access log of\n * every time a user's vault is opened — no additional instrumentation\n * required.\n *\n * ## When to use\n *\n * - Compliance regimes requiring auditable key access logs (FedRAMP, HIPAA\n * with managed-encryption requirements, SOC 2 Type II).\n * - Workloads already running on AWS where a KMS key costs less than\n * engineering an equivalent audit trail.\n * - Any case where you want automatic CMK rotation without rotating your\n * app's sealing key material manually.\n *\n * ## Setup\n *\n * ```bash\n * # 1. Create a KMS key (one-time, in your AWS console or CLI):\n * aws kms create-key --description \"noy-db sealing key\"\n * # Note the KeyId/ARN from the output.\n *\n * # 2. Grant the host's IAM role kms:Encrypt + kms:Decrypt on that key.\n * # Credentials are picked up automatically from the SDK's ambient chain\n * # (IAM role, ~/.aws/credentials, env vars — see AWS SDK docs).\n * ```\n *\n * ```ts\n * // 3. In your app:\n * import { createNoydb } from '@noy-db/hub'\n * import { awsKmsSealingProvider } from '@noy-db/at-aws-kms'\n * import { shamirRecoveryProvider } from '@noy-db/on-shamir'\n *\n * const db = await createNoydb({\n * store,\n * user: 'alice',\n * passphraseMode: 'managed',\n * sealingKey: awsKmsSealingProvider({ keyId: 'arn:aws:kms:us-east-1:123:key/abc' }),\n * shamirRecovery: shamirRecoveryProvider(),\n * })\n * ```\n *\n * @packageDocumentation\n */\n\nimport type { SealingKeyProvider } from '@noy-db/hub'\nimport {\n KMSClient,\n EncryptCommand,\n DecryptCommand,\n type EncryptCommandOutput,\n type DecryptCommandOutput,\n} from '@aws-sdk/client-kms'\n\n/** Options for {@link awsKmsSealingProvider}. */\nexport interface AwsKmsSealingProviderOptions {\n /** KMS key id or ARN (e.g. `arn:aws:kms:us-east-1:123:key/abc`). */\n readonly keyId: string\n /** Optional pre-built client (DI for tests). Default `new KMSClient({})` (ambient creds). */\n readonly client?: Pick<KMSClient, 'send'>\n}\n\n/**\n * Build a {@link SealingKeyProvider} backed by AWS KMS Encrypt / Decrypt.\n *\n * Credentials are resolved by the SDK's ambient chain — IAM instance roles,\n * environment variables, or `~/.aws/credentials`. Never pass raw credentials\n * in the options; inject a pre-configured client for non-default auth instead.\n *\n * @throws Error when KMS returns no ciphertext or no plaintext (guards\n * against unexpected SDK-response shapes).\n * Any KMS API error (AccessDenied, InvalidKeyUsage, etc.) propagates as-is.\n */\nexport function awsKmsSealingProvider(opts: AwsKmsSealingProviderOptions): SealingKeyProvider {\n const client = opts.client ?? new KMSClient({})\n return {\n id: `aws-kms:${opts.keyId}`,\n\n async seal(passphrase) {\n const out: EncryptCommandOutput = await client.send(\n new EncryptCommand({ KeyId: opts.keyId, Plaintext: passphrase }),\n )\n const blob = out.CiphertextBlob\n if (!blob) throw new Error('@noy-db/at-aws-kms: KMS Encrypt returned no CiphertextBlob')\n return blob instanceof Uint8Array ? blob : new Uint8Array(blob)\n },\n\n async unseal(sealed) {\n const out: DecryptCommandOutput = await client.send(\n new DecryptCommand({ CiphertextBlob: sealed, KeyId: opts.keyId }),\n )\n const pt = out.Plaintext\n if (!pt) throw new Error('@noy-db/at-aws-kms: KMS Decrypt returned no Plaintext')\n return pt instanceof Uint8Array ? pt : new Uint8Array(pt)\n },\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAkDA,wBAMO;AAqBA,SAAS,sBAAsB,MAAwD;AAC5F,QAAM,SAAS,KAAK,UAAU,IAAI,4BAAU,CAAC,CAAC;AAC9C,SAAO;AAAA,IACL,IAAI,WAAW,KAAK,KAAK;AAAA,IAEzB,MAAM,KAAK,YAAY;AACrB,YAAM,MAA4B,MAAM,OAAO;AAAA,QAC7C,IAAI,iCAAe,EAAE,OAAO,KAAK,OAAO,WAAW,WAAW,CAAC;AAAA,MACjE;AACA,YAAM,OAAO,IAAI;AACjB,UAAI,CAAC,KAAM,OAAM,IAAI,MAAM,4DAA4D;AACvF,aAAO,gBAAgB,aAAa,OAAO,IAAI,WAAW,IAAI;AAAA,IAChE;AAAA,IAEA,MAAM,OAAO,QAAQ;AACnB,YAAM,MAA4B,MAAM,OAAO;AAAA,QAC7C,IAAI,iCAAe,EAAE,gBAAgB,QAAQ,OAAO,KAAK,MAAM,CAAC;AAAA,MAClE;AACA,YAAM,KAAK,IAAI;AACf,UAAI,CAAC,GAAI,OAAM,IAAI,MAAM,uDAAuD;AAChF,aAAO,cAAc,aAAa,KAAK,IAAI,WAAW,EAAE;AAAA,IAC1D;AAAA,EACF;AACF;","names":[]}
package/dist/index.d.cts CHANGED
@@ -3,7 +3,7 @@ import { KMSClient } from '@aws-sdk/client-kms';
3
3
 
4
4
  /**
5
5
  * **@noy-db/at-aws-kms** — AWS KMS sealing key provider for noy-db
6
- * managed-passphrase mode (#188).
6
+ * managed-passphrase mode.
7
7
  *
8
8
  * An `at-*` provider that seals and unseals the hub-generated random
9
9
  * passphrase via AWS KMS Encrypt / Decrypt. Every seal and unseal is an
package/dist/index.d.ts CHANGED
@@ -3,7 +3,7 @@ import { KMSClient } from '@aws-sdk/client-kms';
3
3
 
4
4
  /**
5
5
  * **@noy-db/at-aws-kms** — AWS KMS sealing key provider for noy-db
6
- * managed-passphrase mode (#188).
6
+ * managed-passphrase mode.
7
7
  *
8
8
  * An `at-*` provider that seals and unseals the hub-generated random
9
9
  * passphrase via AWS KMS Encrypt / Decrypt. Every seal and unseal is an
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts"],"sourcesContent":["/**\n * **@noy-db/at-aws-kms** — AWS KMS sealing key provider for noy-db\n * managed-passphrase mode (#188).\n *\n * An `at-*` provider that seals and unseals the hub-generated random\n * passphrase via AWS KMS Encrypt / Decrypt. Every seal and unseal is an\n * authenticated KMS API call, giving you a CloudTrail-backed access log of\n * every time a user's vault is opened — no additional instrumentation\n * required.\n *\n * ## When to use\n *\n * - Compliance regimes requiring auditable key access logs (FedRAMP, HIPAA\n * with managed-encryption requirements, SOC 2 Type II).\n * - Workloads already running on AWS where a KMS key costs less than\n * engineering an equivalent audit trail.\n * - Any case where you want automatic CMK rotation without rotating your\n * app's sealing key material manually.\n *\n * ## Setup\n *\n * ```bash\n * # 1. Create a KMS key (one-time, in your AWS console or CLI):\n * aws kms create-key --description \"noy-db sealing key\"\n * # Note the KeyId/ARN from the output.\n *\n * # 2. Grant the host's IAM role kms:Encrypt + kms:Decrypt on that key.\n * # Credentials are picked up automatically from the SDK's ambient chain\n * # (IAM role, ~/.aws/credentials, env vars — see AWS SDK docs).\n * ```\n *\n * ```ts\n * // 3. In your app:\n * import { createNoydb } from '@noy-db/hub'\n * import { awsKmsSealingProvider } from '@noy-db/at-aws-kms'\n * import { shamirRecoveryProvider } from '@noy-db/on-shamir'\n *\n * const db = await createNoydb({\n * store,\n * user: 'alice',\n * passphraseMode: 'managed',\n * sealingKey: awsKmsSealingProvider({ keyId: 'arn:aws:kms:us-east-1:123:key/abc' }),\n * shamirRecovery: shamirRecoveryProvider(),\n * })\n * ```\n *\n * @packageDocumentation\n */\n\nimport type { SealingKeyProvider } from '@noy-db/hub'\nimport {\n KMSClient,\n EncryptCommand,\n DecryptCommand,\n type EncryptCommandOutput,\n type DecryptCommandOutput,\n} from '@aws-sdk/client-kms'\n\n/** Options for {@link awsKmsSealingProvider}. */\nexport interface AwsKmsSealingProviderOptions {\n /** KMS key id or ARN (e.g. `arn:aws:kms:us-east-1:123:key/abc`). */\n readonly keyId: string\n /** Optional pre-built client (DI for tests). Default `new KMSClient({})` (ambient creds). */\n readonly client?: Pick<KMSClient, 'send'>\n}\n\n/**\n * Build a {@link SealingKeyProvider} backed by AWS KMS Encrypt / Decrypt.\n *\n * Credentials are resolved by the SDK's ambient chain — IAM instance roles,\n * environment variables, or `~/.aws/credentials`. Never pass raw credentials\n * in the options; inject a pre-configured client for non-default auth instead.\n *\n * @throws Error when KMS returns no ciphertext or no plaintext (guards\n * against unexpected SDK-response shapes).\n * Any KMS API error (AccessDenied, InvalidKeyUsage, etc.) propagates as-is.\n */\nexport function awsKmsSealingProvider(opts: AwsKmsSealingProviderOptions): SealingKeyProvider {\n const client = opts.client ?? new KMSClient({})\n return {\n id: `aws-kms:${opts.keyId}`,\n\n async seal(passphrase) {\n const out: EncryptCommandOutput = await client.send(\n new EncryptCommand({ KeyId: opts.keyId, Plaintext: passphrase }),\n )\n const blob = out.CiphertextBlob\n if (!blob) throw new Error('@noy-db/at-aws-kms: KMS Encrypt returned no CiphertextBlob')\n return blob instanceof Uint8Array ? blob : new Uint8Array(blob)\n },\n\n async unseal(sealed) {\n const out: DecryptCommandOutput = await client.send(\n new DecryptCommand({ CiphertextBlob: sealed, KeyId: opts.keyId }),\n )\n const pt = out.Plaintext\n if (!pt) throw new Error('@noy-db/at-aws-kms: KMS Decrypt returned no Plaintext')\n return pt instanceof Uint8Array ? pt : new Uint8Array(pt)\n },\n }\n}\n"],"mappings":";AAkDA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OAGK;AAqBA,SAAS,sBAAsB,MAAwD;AAC5F,QAAM,SAAS,KAAK,UAAU,IAAI,UAAU,CAAC,CAAC;AAC9C,SAAO;AAAA,IACL,IAAI,WAAW,KAAK,KAAK;AAAA,IAEzB,MAAM,KAAK,YAAY;AACrB,YAAM,MAA4B,MAAM,OAAO;AAAA,QAC7C,IAAI,eAAe,EAAE,OAAO,KAAK,OAAO,WAAW,WAAW,CAAC;AAAA,MACjE;AACA,YAAM,OAAO,IAAI;AACjB,UAAI,CAAC,KAAM,OAAM,IAAI,MAAM,4DAA4D;AACvF,aAAO,gBAAgB,aAAa,OAAO,IAAI,WAAW,IAAI;AAAA,IAChE;AAAA,IAEA,MAAM,OAAO,QAAQ;AACnB,YAAM,MAA4B,MAAM,OAAO;AAAA,QAC7C,IAAI,eAAe,EAAE,gBAAgB,QAAQ,OAAO,KAAK,MAAM,CAAC;AAAA,MAClE;AACA,YAAM,KAAK,IAAI;AACf,UAAI,CAAC,GAAI,OAAM,IAAI,MAAM,uDAAuD;AAChF,aAAO,cAAc,aAAa,KAAK,IAAI,WAAW,EAAE;AAAA,IAC1D;AAAA,EACF;AACF;","names":[]}
1
+ {"version":3,"sources":["../src/index.ts"],"sourcesContent":["/**\n * **@noy-db/at-aws-kms** — AWS KMS sealing key provider for noy-db\n * managed-passphrase mode.\n *\n * An `at-*` provider that seals and unseals the hub-generated random\n * passphrase via AWS KMS Encrypt / Decrypt. Every seal and unseal is an\n * authenticated KMS API call, giving you a CloudTrail-backed access log of\n * every time a user's vault is opened — no additional instrumentation\n * required.\n *\n * ## When to use\n *\n * - Compliance regimes requiring auditable key access logs (FedRAMP, HIPAA\n * with managed-encryption requirements, SOC 2 Type II).\n * - Workloads already running on AWS where a KMS key costs less than\n * engineering an equivalent audit trail.\n * - Any case where you want automatic CMK rotation without rotating your\n * app's sealing key material manually.\n *\n * ## Setup\n *\n * ```bash\n * # 1. Create a KMS key (one-time, in your AWS console or CLI):\n * aws kms create-key --description \"noy-db sealing key\"\n * # Note the KeyId/ARN from the output.\n *\n * # 2. Grant the host's IAM role kms:Encrypt + kms:Decrypt on that key.\n * # Credentials are picked up automatically from the SDK's ambient chain\n * # (IAM role, ~/.aws/credentials, env vars — see AWS SDK docs).\n * ```\n *\n * ```ts\n * // 3. In your app:\n * import { createNoydb } from '@noy-db/hub'\n * import { awsKmsSealingProvider } from '@noy-db/at-aws-kms'\n * import { shamirRecoveryProvider } from '@noy-db/on-shamir'\n *\n * const db = await createNoydb({\n * store,\n * user: 'alice',\n * passphraseMode: 'managed',\n * sealingKey: awsKmsSealingProvider({ keyId: 'arn:aws:kms:us-east-1:123:key/abc' }),\n * shamirRecovery: shamirRecoveryProvider(),\n * })\n * ```\n *\n * @packageDocumentation\n */\n\nimport type { SealingKeyProvider } from '@noy-db/hub'\nimport {\n KMSClient,\n EncryptCommand,\n DecryptCommand,\n type EncryptCommandOutput,\n type DecryptCommandOutput,\n} from '@aws-sdk/client-kms'\n\n/** Options for {@link awsKmsSealingProvider}. */\nexport interface AwsKmsSealingProviderOptions {\n /** KMS key id or ARN (e.g. `arn:aws:kms:us-east-1:123:key/abc`). */\n readonly keyId: string\n /** Optional pre-built client (DI for tests). Default `new KMSClient({})` (ambient creds). */\n readonly client?: Pick<KMSClient, 'send'>\n}\n\n/**\n * Build a {@link SealingKeyProvider} backed by AWS KMS Encrypt / Decrypt.\n *\n * Credentials are resolved by the SDK's ambient chain — IAM instance roles,\n * environment variables, or `~/.aws/credentials`. Never pass raw credentials\n * in the options; inject a pre-configured client for non-default auth instead.\n *\n * @throws Error when KMS returns no ciphertext or no plaintext (guards\n * against unexpected SDK-response shapes).\n * Any KMS API error (AccessDenied, InvalidKeyUsage, etc.) propagates as-is.\n */\nexport function awsKmsSealingProvider(opts: AwsKmsSealingProviderOptions): SealingKeyProvider {\n const client = opts.client ?? new KMSClient({})\n return {\n id: `aws-kms:${opts.keyId}`,\n\n async seal(passphrase) {\n const out: EncryptCommandOutput = await client.send(\n new EncryptCommand({ KeyId: opts.keyId, Plaintext: passphrase }),\n )\n const blob = out.CiphertextBlob\n if (!blob) throw new Error('@noy-db/at-aws-kms: KMS Encrypt returned no CiphertextBlob')\n return blob instanceof Uint8Array ? blob : new Uint8Array(blob)\n },\n\n async unseal(sealed) {\n const out: DecryptCommandOutput = await client.send(\n new DecryptCommand({ CiphertextBlob: sealed, KeyId: opts.keyId }),\n )\n const pt = out.Plaintext\n if (!pt) throw new Error('@noy-db/at-aws-kms: KMS Decrypt returned no Plaintext')\n return pt instanceof Uint8Array ? pt : new Uint8Array(pt)\n },\n }\n}\n"],"mappings":";AAkDA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,OAGK;AAqBA,SAAS,sBAAsB,MAAwD;AAC5F,QAAM,SAAS,KAAK,UAAU,IAAI,UAAU,CAAC,CAAC;AAC9C,SAAO;AAAA,IACL,IAAI,WAAW,KAAK,KAAK;AAAA,IAEzB,MAAM,KAAK,YAAY;AACrB,YAAM,MAA4B,MAAM,OAAO;AAAA,QAC7C,IAAI,eAAe,EAAE,OAAO,KAAK,OAAO,WAAW,WAAW,CAAC;AAAA,MACjE;AACA,YAAM,OAAO,IAAI;AACjB,UAAI,CAAC,KAAM,OAAM,IAAI,MAAM,4DAA4D;AACvF,aAAO,gBAAgB,aAAa,OAAO,IAAI,WAAW,IAAI;AAAA,IAChE;AAAA,IAEA,MAAM,OAAO,QAAQ;AACnB,YAAM,MAA4B,MAAM,OAAO;AAAA,QAC7C,IAAI,eAAe,EAAE,gBAAgB,QAAQ,OAAO,KAAK,MAAM,CAAC;AAAA,MAClE;AACA,YAAM,KAAK,IAAI;AACf,UAAI,CAAC,GAAI,OAAM,IAAI,MAAM,uDAAuD;AAChF,aAAO,cAAc,aAAa,KAAK,IAAI,WAAW,EAAE;AAAA,IAC1D;AAAA,EACF;AACF;","names":[]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@noy-db/at-aws-kms",
3
- "version": "0.2.0-pre.4",
3
+ "version": "0.2.0-pre.6",
4
4
  "description": "AWS KMS sealing key provider for noy-db managed-passphrase mode — seal/unseal via KMS Encrypt/Decrypt, with KMS access logs.",
5
5
  "license": "MIT",
6
6
  "author": "vLannaAi <vicio@lanna.ai>",
@@ -40,14 +40,14 @@
40
40
  },
41
41
  "peerDependencies": {
42
42
  "@aws-sdk/client-kms": "^3.0.0",
43
- "@noy-db/hub": "0.2.0-pre.4"
43
+ "@noy-db/hub": "0.2.0-pre.6"
44
44
  },
45
45
  "devDependencies": {
46
46
  "@types/node": "^22.0.0",
47
47
  "@aws-sdk/client-kms": "^3.0.0",
48
- "@noy-db/on-shamir": "0.2.0-pre.4",
49
- "@noy-db/to-memory": "0.2.0-pre.4",
50
- "@noy-db/hub": "0.2.0-pre.4"
48
+ "@noy-db/hub": "0.2.0-pre.6",
49
+ "@noy-db/on-shamir": "0.2.0-pre.6",
50
+ "@noy-db/to-memory": "0.2.0-pre.6"
51
51
  },
52
52
  "keywords": [
53
53
  "noy-db",