Reading the docs and code, it looks like ent exposes the ability to register hooks in mutating operations, but not on reads. The use case I'm trying to solve for is one in which sensitive data is encrypted before being persisted to a database and then decrypted on subsequent reads, assuming the caller provides the appropriate keys/metadata. Given the lack of read hooks, the approaches to this problem today seem to be limited to (1) encrypting in a mutation hook and decrypting in the application or (2) moving all encryption / decryption to the application. (1) is less than ideal because of divergent and arguably non-intuitive implementations and (2) opens up a greater possibility of accidentally circumventing the rules.

Is there another approach to this scenario I'm not seeing? If not, would the ent authors consider either adding this or accepting a contribution that adds this?