ObjectStorageDurableStateStoreOptions
Esta página aún no está disponible en tu idioma.
Defined in: src/persistence/durable-state-stores/ObjectStorageDurableStateStore.ts:52
Properties
Section titled “Properties”backend
Section titled “backend”
readonlybackend:ObjectStorageBackend
Defined in: src/persistence/durable-state-stores/ObjectStorageDurableStateStore.ts:53
compression?
Section titled “compression?”
readonlyoptionalcompression?:CompressionConfig|CompressionResolver
Defined in: src/persistence/durable-state-stores/ObjectStorageDurableStateStore.ts:55
encryption?
Section titled “encryption?”
readonlyoptionalencryption?:EncryptionConfig|EncryptionResolver
Defined in: src/persistence/durable-state-stores/ObjectStorageDurableStateStore.ts:56
integrity?
Section titled “integrity?”
readonlyoptionalintegrity?:IntegrityConfig|IntegrityResolver
Defined in: src/persistence/durable-state-stores/ObjectStorageDurableStateStore.ts:69
Opt-in HMAC-SHA256 integrity protection over each body (#116).
Closes a tamper-in-place gap on unencrypted bodies: without this,
an attacker with write access to the backend bucket can flip the
revision field in the JSON and bypass CAS. Default { mode: 'none' }
is back-compat (no integrity tag); set { mode: 'hmac-sha256', integrityKey } to protect new writes and verify reads.
Legacy bodies without the integrity flag still decode cleanly — tag is opt-in. Migrate by reading-then-writing once integrity is enabled.
prefix?
Section titled “prefix?”
readonlyoptionalprefix?:string
Defined in: src/persistence/durable-state-stores/ObjectStorageDurableStateStore.ts:54
requireIntegrity?
Section titled “requireIntegrity?”
readonlyoptionalrequireIntegrity?:boolean
Defined in: src/persistence/durable-state-stores/ObjectStorageDurableStateStore.ts:76
When set with an integrity config, decode rejects bodies that
DON’T carry an integrity tag. Use after a deployment has been
fully migrated so an attacker can’t downgrade by re-writing a
body without the tag.