
A command line utility for managing secrets in encrypted TOML files

3 unstable releases

0.2.1 Sep 8, 2023
0.2.0 Sep 8, 2023
0.1.0 Sep 8, 2023


MIT license

2MB
506 lines


etoml

A tool to create and manage application secrets, stored in TOML files whose values are encrypted with ChaCha.

This is basically a Rust/Toml port of ejson.

  • It generates a private/public key pair for you
  • The public key is stored with your secrets in a secrets.etoml file in your repository
  • The private key is stored in /opt/etoml/keys (on your server)
  • The values in secrets.etoml are encrypted via the CLI tool

The main difference from ejson is that it gives you a function to decrypt your secrets directly into a struct in your application.

Demonstration

Install

cargo install etoml

Usage

To create/manage secret files you use the command line interface:

Usage: etoml-write <COMMAND>

Commands:
  init     Create a new encrypted TOML file
  encrypt  (Re-)encrypt unencrypted values in an existing etoml file
  decrypt  decrypt unencrypted values in an existing etoml file
  help     Print this message or the help of the given subcommand(s)

Options:
  -h, --help  Print help

In your app you can define a struct whose fields match the keys in the secrets file and decode your secrets into it:

use serde::{Deserialize, Serialize};

// Field names must match the keys stored in secrets.etoml.
#[derive(Serialize, Deserialize)]
struct AppSecrets {
    github: String,
}

fn main() -> Result<(), etoml::EtomlError> {
    // Decrypts the default secrets file using the private key
    // installed on the server and deserializes it into AppSecrets.
    let secrets = etoml::decrypt_default::<AppSecrets>()?;
    println!("Github key: {}", secrets.github);
    Ok(())
}

Dependencies

~3.5–5MB
~97K SLoC