/**
 * Encryption utility for sensitive data at rest
 * Uses AES-256-GCM for authenticated encryption
 */
/**
 * Encrypt a string value
 * @param text - Plain text to encrypt
 * @returns Encrypted string in format: iv:salt:tag:encryptedData (all base64)
 */
export declare function encrypt(text: string): string;
/**
 * Decrypt an encrypted string
 * @param encryptedText - Encrypted string with enc:v1: prefix
 * @returns Decrypted plain text
 * @throws Error if format is invalid (forcing reconnect)
 */
export declare function decrypt(encryptedText: string): string;
//# sourceMappingURL=encryption.d.ts.map