wallet_key_utils

Wallet Master Key Utilities

Shared logic for lazily loading, generating, and persisting AES-256-GCM master keys in Redis for wallet encryption.

async wallet_key_utils.ensure_master_key(current_key, redis_client, redis_key, env_var)[source]

Return a 32-byte AES master key, loading or generating as needed.

Resolution order:

  1. current_key – already loaded in memory (fast path).

  2. Environment variable (env_var) – decode, validate, persist to Redis.

  3. Redis (redis_key) – read previously persisted key.

  4. Generate a new random key, persist to Redis.

Parameters:

  • current_key (bytes | None) – The key already held in memory, or None.

  • redis_client – An async Redis client.

  • redis_key (str) – Redis key under which the master key is stored.

  • env_var (str) – Name of the environment variable to check.

Return type:

bytes

Returns:

A 32-byte bytes master key.