envcrypt 0.5.0

Encrypt environment variables at compile-time and decrypt them at runtime.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

//! Contains the implementation of the decryption side of `envcrypt!`

use chacha20poly1305::{
    aead::{Aead, KeyInit},
    ChaCha20Poly1305, Key, Nonce,
};

/// Decrypts some bytes from a given key and nonce using exactly the same
/// logic as [`envc!`](crate::envc) and [`option_envc!`](crate::option_envc).
///
/// DO NOT CALL THIS FUNCTION YOURSELF. Decryption is handled automatically
/// by the [`envc!`](crate::envc) and [`option_envc!`](crate::option_envc) macros at runtime.
pub fn decrypt(data: &[u8]) -> &'static str {
    let key = Key::from_slice(&data[..32]);
    let nonce = Nonce::from_slice(&data[32..44]);
    let ciphertext = &data[44..];

    let cipher = ChaCha20Poly1305::new(key);

    let decrypted_buffer = cipher.decrypt(nonce, ciphertext).unwrap();

    let decrypted_variable = String::from_utf8(decrypted_buffer)
        .unwrap()
        .into_boxed_str();

    Box::leak(decrypted_variable)
}