
Class: CircuitBreakerClient

Client for interacting with a circuit breaker service for encrypted cloud backups.

Remarks: A circuit breaker is a service supporting a public decryption function backed by an HSM key. If the need arises, the circuit breaker operator may take the decryption function offline. A client can encrypt data to the circuit breaker public key and store it in a non-public place. This data will then be available under normal circumstances, but become unavailable in the case of an emergency.

It is intended for use in password-based key derivation when ODIS is used as a key hardening function. Clients may include in their key derivation a random value which they encrypt to the circuit breaker public key. This allows the circuit breaker operator to disable key derivation, by restricting access to the encrypted keying material, in the event that ODIS is compromised. This acts as a safety measure to allow wallet providers, or other users of ODIS key hardening, to prevent attackers from being able to brute force their users' derived keys in the event that ODIS is compromised such that it can no longer add to the key hardening.

The circuit breaker service is designed for use in the encrypted cloud backup protocol. More information about encrypted cloud backup and the circuit breaker service can be found in the official Celo documentation.

Hierarchy

  • CircuitBreakerClient

Constructors

constructor

+ new CircuitBreakerClient(environment: CircuitBreakerServiceContext): CircuitBreakerClient

Defined in packages/sdk/identity/src/odis/circuit-breaker.ts:135

Parameters:

Name Type
environment CircuitBreakerServiceContext

Returns: CircuitBreakerClient

Properties

Readonly environment

environment: CircuitBreakerServiceContext

Defined in packages/sdk/identity/src/odis/circuit-breaker.ts:136

Methods

status

status(): Promise‹Result‹CircuitBreakerKeyStatus, CircuitBreakerError››

Defined in packages/sdk/identity/src/odis/circuit-breaker.ts:148

Check the current status of the circuit breaker service. Result will reflect whether or not the circuit breaker keys are currently available.

Returns: Promise‹Result‹CircuitBreakerKeyStatus, CircuitBreakerError››


unwrapKey

unwrapKey(ciphertext: Buffer): Promise‹Result‹Buffer, CircuitBreakerError››

Defined in packages/sdk/identity/src/odis/circuit-breaker.ts:211

Request that the circuit breaker service decrypt the provided encrypted key value.

Parameters:

Name Type
ciphertext Buffer

Returns: Promise‹Result‹Buffer, CircuitBreakerError››


wrapKey

wrapKey(plaintext: Buffer): Result‹Buffer, EncryptionError›

Defined in packages/sdk/identity/src/odis/circuit-breaker.ts:192

Encrypt the provided key value with RSA-OAEP-256 against the public key of the circuit breaker.

Remarks: Note that this is an entirely local procedure and does not require interaction with the circuit breaker service. Encryption occurs only against the service public key.

Parameters:

Name Type
plaintext Buffer

Returns: Result‹Buffer, EncryptionError›
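
The wrap and unwrap flow described on this page, sketched with Node's built-in crypto as an added example; it is not the SDK's code. The locally generated RSA key pair (standing in for the HSM key), `MockBreaker`, `wrapFuse`, `deriveBackupKey`, `recover` and the HKDF mixing step are all assumptions made for illustration.

```typescript
import { constants, generateKeyPairSync, hkdfSync, privateDecrypt, publicEncrypt, randomBytes } from 'node:crypto'

// Constructed stand-in for the circuit breaker's HSM-backed RSA key pair (assumption).
const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 })
// RSA-OAEP with SHA-256, the scheme the page names for wrapKey.
const oaep = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' }

// Local step, in the role of wrapKey: only the service public key is needed.
function wrapFuse(fuse: Buffer): Buffer {
  return publicEncrypt({ key: publicKey, ...oaep }, fuse)
}

// Hypothetical in-process stand-in for the service behind unwrapKey.
class MockBreaker {
  enabled = true
  unwrap(ciphertext: Buffer): Buffer | undefined {
    if (!this.enabled) return undefined // operator has taken decryption offline
    try {
      return privateDecrypt({ key: privateKey, ...oaep }, ciphertext)
    } catch {
      return undefined // malformed or tampered ciphertext fails OAEP decoding
    }
  }
}

// Hypothetical mixing step: the backup key depends on the hardened password
// output AND the fuse, so neither alone is enough to derive it.
function deriveBackupKey(hardened: Buffer, fuse: Buffer): Buffer {
  const ikm = Buffer.concat([hardened, fuse])
  return Buffer.from(hkdfSync('sha256', ikm, Buffer.alloc(0), 'backup-key-example', 32))
}

// Recovery path: without a successful unwrap there is no key to derive.
function recover(breaker: MockBreaker, hardened: Buffer, wrapped: Buffer): Buffer | undefined {
  const fuse = breaker.unwrap(wrapped)
  return fuse ? deriveBackupKey(hardened, fuse) : undefined
}

// Demo on constructed values: recovery works, then fails once the breaker is opened.
function demo(): { before: boolean; after: boolean } {
  const hardened = randomBytes(32) // stands in for the ODIS-hardened password output
  const wrapped = wrapFuse(randomBytes(16))
  const breaker = new MockBreaker()
  const before = recover(breaker, hardened, wrapped) !== undefined
  breaker.enabled = false
  const after = recover(breaker, hardened, wrapped) !== undefined
  return { before, after }
}
console.log(demo())
```

Because the wrapped value is useless without the service's private key, an attacker holding both the backup and the hardened password output still cannot run the derivation while decryption is offline.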