Encryption.encrypt()/decrypt() - needs to cache

[cer]

When loading an entity, decrypt() can be called once for each of an entity's events.
Its likely the events will be the same for all events.
it's inefficient to repeatedly fetch the same encryption key from the database.
Similarly, when saving an aggregate, encrypt() will be called repeatedly. Once per event.
And when updating an aggregate both decrypt() and encrypt() are called repeatedly.

Implementing a generic cache is tricky because you need to deal with invalidation.
However, implementing caching at the level of a call to a AggregateRepository method, or EsClient method is straightforward:

• AggregateRepository instantiate a cache (e.g. a Javascript new Object()), and pass it as an encryptionKeyCache option to the EsClient methods
• If an EsClient method isn't passed a encryptionKeyCache it creates one
• EsClient pass the encryptionKeyCache to encrypt() and decrypt()
• encrypt() and decrypt() use the cached value, otherwise call findKey() and update the cache

Note: need to think about the case when a client creates an encryption key, saves it in the DB and then invokes the AggregateRepository. Wasteful to query the DB. I wonder whether create()'s options can be encryptionKeyId and an encryptionKey

[cer]

I wonder whether encryption options, such be under a single top-level key: encryption. It can have attributes: encryptionKeyId, encryptionKey and encryptionKeyCache. Perhaps support encryptionKeyId at the top-level for a while to avoid introducing a breaking change.