wallet_key_utils

Wallet Master Key Utilities

Shared logic for lazily loading 32-byte AES-256-GCM master keys for wallet encryption. Keys are loaded exclusively from the configured environment variable; the legacy Redis persistence/generation path has been removed for security, so a missing or invalid key raises ValueError and disables wallet features rather than minting a new key.

async wallet_key_utils.ensure_master_key(current_key, redis_client, redis_key, env_var)

Return a 32-byte AES master key, loading exclusively from the environment variable.

Resolution order:
  1. current_key – already loaded in memory (fast path).

  2. Environment variable (env_var) – decode, validate.

  3. If the variable is missing or invalid, log a structured ASCII warning and raise ValueError to prevent unsafe operations.

Parameters:
  • current_key (bytes | None) – The key already held in memory, or None.

  • redis_client – An async Redis client (ignored, as Redis key persistence is removed for security).

  • redis_key (str) – Redis key under which the master key was previously stored (ignored).

  • env_var (str) – Name of the environment variable to check.

Return type:

bytes

Returns:

A 32-byte bytes master key.
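
The resolution order above, sketched as an added example (not the project's own code). The function name load_master_key, the variable name EXAMPLE_WALLET_KEY, the log fields and the base64 encoding of the key are assumptions; the page only says the value is decoded and validated.

```python
import asyncio
import base64
import logging
import os

log = logging.getLogger("wallet_key_utils_example")  # hypothetical logger name
KEY_LEN = 32  # AES-256 key size in bytes


def decode_key(raw: str) -> bytes:
    """Decode and validate a key string. Base64 encoding is an assumption."""
    try:
        # validate=True rejects characters outside the base64 alphabet
        key = base64.b64decode(raw.strip(), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("master key is not valid base64") from exc
    if len(key) != KEY_LEN:
        raise ValueError(f"master key must be {KEY_LEN} bytes, got {len(key)}")
    return key


async def load_master_key(current_key, redis_client, redis_key, env_var):
    """Same parameters as ensure_master_key; redis_* are accepted but ignored."""
    if current_key is not None:        # 1. fast path: key already in memory
        return current_key
    raw = os.environ.get(env_var)      # 2. environment variable is the only source
    if not raw:
        # 3. fail closed: never generate or fetch a replacement key
        log.warning("wallet_master_key status=missing env_var=%s", env_var)
        raise ValueError(f"{env_var} is not set; wallet features disabled")
    try:
        return decode_key(raw)
    except ValueError:
        # Log the variable name only, never its value
        log.warning("wallet_master_key status=invalid env_var=%s", env_var)
        raise


if __name__ == "__main__":
    # Constructed key for demonstration only
    os.environ["EXAMPLE_WALLET_KEY"] = base64.b64encode(os.urandom(KEY_LEN)).decode()
    key = asyncio.run(load_master_key(None, None, "unused", "EXAMPLE_WALLET_KEY"))
    print(len(key))
```

A caller that catches the ValueError should treat it as "wallet features off" and must not fall back to generating a key, since data encrypted under a freshly minted key would be unreadable once the intended key is restored.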