domain.protocols.encryption_protocol

src.domain.protocols.encryption_protocol

Encryption protocol for provider credentials.

Defines the port for encryption/decryption operations. Infrastructure layer implements this protocol to provide AES-256-GCM encryption.

Architecture
  • Domain layer protocol (port)
  • Infrastructure adapter: src/infrastructure/providers/encryption_service.py
  • Used by sync handlers to decrypt provider credentials
Reference
  • docs/architecture/hexagonal.md
  • docs/architecture/provider-integration-architecture.md

Classes

EncryptionError dataclass

Bases: DomainError

Base encryption error.

Used when encryption or decryption fails. Does NOT inherit from Exception - used in Result types.

Source code in src/domain/protocols/encryption_protocol.py
@dataclass(frozen=True, slots=True, kw_only=True)
class EncryptionError(DomainError):
    """Base encryption error.

    Used when encryption or decryption fails.
    Does NOT inherit from Exception - used in Result types.
    """

    pass

EncryptionKeyError dataclass

Bases: EncryptionError

Invalid encryption key.

Occurs when key doesn't meet requirements (wrong length, etc.).

Source code in src/domain/protocols/encryption_protocol.py
@dataclass(frozen=True, slots=True, kw_only=True)
class EncryptionKeyError(EncryptionError):
    """Invalid encryption key.

    Occurs when key doesn't meet requirements (wrong length, etc.).
    """

    pass

DecryptionError dataclass

Bases: EncryptionError

Decryption failure.

Occurs when:
  • Wrong encryption key
  • Data has been tampered with
  • Invalid encrypted data format

Source code in src/domain/protocols/encryption_protocol.py
@dataclass(frozen=True, slots=True, kw_only=True)
class DecryptionError(EncryptionError):
    """Decryption failure.

    Occurs when:
    - Wrong encryption key
    - Data has been tampered with
    - Invalid encrypted data format
    """

    pass

SerializationError dataclass

Bases: EncryptionError

Serialization/deserialization failure.

Occurs when data cannot be serialized to JSON or decrypted data cannot be parsed as JSON.

Source code in src/domain/protocols/encryption_protocol.py
@dataclass(frozen=True, slots=True, kw_only=True)
class SerializationError(EncryptionError):
    """Serialization/deserialization failure.

    Occurs when data cannot be serialized to JSON
    or decrypted data cannot be parsed as JSON.
    """

    pass

EncryptionProtocol

Bases: Protocol

Protocol for encryption/decryption operations.

Abstracts the encryption service used by application layer handlers. Infrastructure layer provides concrete implementation.

Example

class SyncAccountsHandler:
    def __init__(
        self,
        encryption_service: EncryptionProtocol,
        ...
    ) -> None:
        self._encryption = encryption_service

    async def handle(self, cmd: SyncAccounts) -> Result[...]:
        result = self._encryption.decrypt(encrypted_data)
        ...

Source code in src/domain/protocols/encryption_protocol.py
class EncryptionProtocol(Protocol):
    """Protocol for encryption/decryption operations.

    Abstracts the encryption service used by application layer handlers.
    Infrastructure layer provides concrete implementation.

    Example:
        class SyncAccountsHandler:
            def __init__(
                self,
                encryption_service: EncryptionProtocol,
                ...
            ) -> None:
                self._encryption = encryption_service

            async def handle(self, cmd: SyncAccounts) -> Result[...]:
                result = self._encryption.decrypt(encrypted_data)
                ...
    """

    def encrypt(self, data: dict[str, Any]) -> Result[bytes, EncryptionError]:
        """Encrypt credentials dictionary to bytes.

        Args:
            data: Credentials dictionary to encrypt. Must be JSON-serializable.

        Returns:
            Success(bytes) with encrypted data.
            Failure(EncryptionError) if encryption fails.
        """
        ...

    def decrypt(self, encrypted: bytes) -> Result[dict[str, Any], EncryptionError]:
        """Decrypt bytes back to credentials dictionary.

        Args:
            encrypted: Encrypted bytes from encrypt().

        Returns:
            Success(dict) with original credentials dictionary.
            Failure(DecryptionError) if decryption fails.
        """
        ...
Functions
encrypt
encrypt(
    data: dict[str, Any],
) -> Result[bytes, EncryptionError]

Encrypt credentials dictionary to bytes.

Parameters:

| Name | Type | Description | Default |
| --- | --- | --- | --- |
| data | dict[str, Any] | Credentials dictionary to encrypt. Must be JSON-serializable. | required |

Returns:

| Type | Description |
| --- | --- |
| Result[bytes, EncryptionError] | Success(bytes) with encrypted data. |
| Result[bytes, EncryptionError] | Failure(EncryptionError) if encryption fails. |

Source code in src/domain/protocols/encryption_protocol.py
def encrypt(self, data: dict[str, Any]) -> Result[bytes, EncryptionError]:
    """Encrypt credentials dictionary to bytes.

    Args:
        data: Credentials dictionary to encrypt. Must be JSON-serializable.

    Returns:
        Success(bytes) with encrypted data.
        Failure(EncryptionError) if encryption fails.
    """
    ...
decrypt
decrypt(
    encrypted: bytes,
) -> Result[dict[str, Any], EncryptionError]

Decrypt bytes back to credentials dictionary.

Parameters:

| Name | Type | Description | Default |
| --- | --- | --- | --- |
| encrypted | bytes | Encrypted bytes from encrypt(). | required |

Returns:

| Type | Description |
| --- | --- |
| Result[dict[str, Any], EncryptionError] | Success(dict) with original credentials dictionary. |
| Result[dict[str, Any], EncryptionError] | Failure(DecryptionError) if decryption fails. |

Source code in src/domain/protocols/encryption_protocol.py
def decrypt(self, encrypted: bytes) -> Result[dict[str, Any], EncryptionError]:
    """Decrypt bytes back to credentials dictionary.

    Args:
        encrypted: Encrypted bytes from encrypt().

    Returns:
        Success(dict) with original credentials dictionary.
        Failure(DecryptionError) if decryption fails.
    """
    ...