etoml
A tool to create and manage application secrets, stored securely in TOML files encrypted with ChaCha.
This is basically a Rust/Toml port of ejson.
- It generates a private/public key pair for you
- The public key is stored with your secrets in a secrets.etoml in your repository
- The private key is stored in /opt/etoml/keys (on your server)
- The values in the secrets.etoml are encrypted via the CLI tool
The main difference to ejson is that it gives you a function to decrypt your secrets directly into a struct in your application.
Install
cargo install etoml
Usage
To create/manage secret files you use the command line interface:
    Usage: etoml-write <COMMAND>

    Commands:
      init     Create a new encrypted TOML file
      encrypt  (Re-)encrypt unencrypted values in an existinf etoml file
      decrypt  decrypt unencrypted values in an existinf etoml file
      help     Print this message or the help of the given subcommand(s)

    Options:
      -h, --help  Print help
In your app you can define a struct with fields matching your secrets and decode them into it:
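    use serde::{Deserialize, Serialize};

    // Field names must match the keys in secrets.etoml.
    #[derive(Serialize, Deserialize)]
    struct AppSecrets {
        github: String,
    }

    fn main() -> Result<(), etoml::EtomlError> {
        // Decrypt the secrets file directly into the struct.
        let secrets = etoml::decrypt_default::<AppSecrets>()?;
        // Printed for demonstration only; avoid writing secrets to logs in a real application.
        println!("Github key: {}", secrets.github);
        Ok(())
    }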
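
Since the private key under /opt/etoml/keys is what decrypts every value in secrets.etoml, a deployment can verify that the key directory and its entries are accessible only to their owner. This is an added example, not part of etoml: `loose_key_paths` is a hypothetical helper, and it assumes a Unix host where keys are stored as files directly inside that directory.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::PermissionsExt;
use std::path::{Path, PathBuf};

/// Returns every path (the directory itself included) that is a symlink or
/// whose mode grants any permission to group or others.
/// Hypothetical helper for illustration; etoml does not provide it.
fn loose_key_paths(dir: &Path) -> io::Result<Vec<PathBuf>> {
    let mut loose = Vec::new();
    let mut check = |p: PathBuf| -> io::Result<()> {
        // symlink_metadata does not follow links, so a symlink planted in
        // the key directory is reported instead of silently trusted.
        let meta = fs::symlink_metadata(&p)?;
        if meta.file_type().is_symlink() || meta.permissions().mode() & 0o077 != 0 {
            loose.push(p);
        }
        Ok(())
    };
    check(dir.to_path_buf())?;
    for entry in fs::read_dir(dir)? {
        check(entry?.path())?;
    }
    loose.sort();
    Ok(loose)
}

fn main() -> io::Result<()> {
    // Default is the key location named in this README; pass another path as argv[1].
    let dir = std::env::args()
        .nth(1)
        .unwrap_or_else(|| "/opt/etoml/keys".to_string());
    let loose = loose_key_paths(Path::new(&dir))?;
    for p in &loose {
        eprintln!("too permissive: {}", p.display());
    }
    if !loose.is_empty() {
        // Non-zero exit lets a deploy script or service unit refuse to start.
        std::process::exit(1);
    }
    Ok(())
}
```

Run it as the user that owns the keys; a directory mode of 0700 and file modes of 0600 pass the check.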