[][src]Crate serde_encrypted_value

A Serde deserializer which transparently decrypts embedded encrypted strings.

Application configurations typically consist mostly of non-sensitive information, with a few bits of information that is sensitive such as authentication secrets or cookie encryption keys. Storing those sensitive values in an encrypted form at rest can defend against leakage when, for example, copy/pasting the config as long as the encryption key is not additionally leaked.

Usage

Assume we have a conf/encrypted-config-value.key file that looks like:

AES:NwQZdNWsFmYMCNSQlfYPDJtFBgPzY8uZlFhMCLnxNQE=

And a conf/config.json file that looks like:

{
    "secret_value": "${enc:5BBfGvf90H6bApwfxUjNdoKRW1W+GZCbhBuBpzEogVBmQZyWFFxcKyf+UPV5FOhrw/wrVZyoL3npoDfYjPQV/zg0W/P9cVOw}",
    "non_secret_value": "hello, world!"
}
use serde::Deserialize;
use std::fs;

#[derive(Deserialize)]
struct Config {
    secret_value: String,
    non_secret_value: String,
}

fn main() {
    let key = "conf/encrypted-config-value.key";
    let key = serde_encrypted_value::Key::from_file(key)
        .unwrap();

    let config = fs::read("conf/config.json").unwrap();

    let mut deserializer = serde_json::Deserializer::from_slice(&config);
    let deserializer = serde_encrypted_value::Deserializer::new(
        &mut deserializer, key.as_ref());
    let config = Config::deserialize(deserializer).unwrap();

    assert_eq!(config.secret_value, "L/TqOWz7E4z0SoeiTYBrqbqu");
    assert_eq!(config.non_secret_value, "hello, world!");
}

Structs

Deserializer

A deserializer which automatically decrypts strings.

Error

The error type returned by this library.

Key

A key used to encrypt or decrypt values. It represents both an algorithm and a key.

ReadOnly

A marker type indicating that a key can only decrypt values.

ReadWrite

A marker type indicating that a key can both encrypt and decrypt values.

Type Definitions

Result

The reuslt type returned by this library.