13 releases
0.4.7 | Mar 5, 2024 |
---|---|
0.4.6 | Jan 9, 2023 |
0.4.5 | Dec 12, 2022 |
0.4.4 | Sep 28, 2022 |
0.1.0 | Mar 7, 2017 |
#299 in Encoding
Used in 2 crates
(via witchcraft-server)
31KB
687 lines
serde-encrypted-value
Serde deserializer which transparently decrypts embedded encrypted strings.
Application configurations typically consist mostly of non-sensitive information, with a few bits of information that is sensitive such as authentication secrets or cookie encryption keys. Storing those sensitive values in an encrypted form at rest can defend against leakage when, for example, copy/pasting the config as long as the encryption key is not additionally leaked.
It is compatible with https://github.com/palantir/encrypted-config-value, though unlike that library, serde-encrypted-value does not support RSA.
Usage
Assume we have a conf/encrypted-config-value.key
file that looks like:
AES:NwQZdNWsFmYMCNSQlfYPDJtFBgPzY8uZlFhMCLnxNQE=
And a conf/config.json
file that looks like:
{
"secret_value": "${enc:5BBfGvf90H6bApwfxUjNdoKRW1W+GZCbhBuBpzEogVBmQZyWFFxcKyf+UPV5FOhrw/wrVZyoL3npoDfYjPQV/zg0W/P9cVOw}",
"non_secret_value": "hello, world!"
}
extern crate serde;
extern crate serde_json;
extern crate serde_encrypted_value;
#[macro_use]
extern crate serde_derive;
use serde::Deserialize;
use std::io::Read;
use std::fs::File;
#[derive(Deserialize)]
struct Config {
secret_value: String,
non_secret_value: String,
}
fn main() {
let key = "conf/encrypted-config-value.key";
let key = serde_encrypted_value::Key::from_file(key)
.unwrap();
let mut config = vec![];
File::open("conf/config.json")
.unwrap()
.read_to_end(&mut config)
.unwrap();
let mut deserializer = serde_json::Deserializer::from_slice(&config);
let deserializer = serde_encrypted_value::Deserializer::new(
&mut deserializer, key.as_ref());
let config = Config::deserialize(deserializer).unwrap();
assert_eq!(config.secret_value, "L/TqOWz7E4z0SoeiTYBrqbqu");
assert_eq!(config.non_secret_value, "hello, world!");
}
License
This repository is made available under the Apache 2.0 License.
Dependencies
~2–3MB
~60K SLoC