serde-encrypted-value
Serde deserializer which transparently decrypts embedded encrypted strings.
Application configurations typically consist mostly of non-sensitive information, with a few bits of information that is sensitive such as authentication secrets or cookie encryption keys. Storing those sensitive values in an encrypted form at rest can defend against leakage when, for example, copy/pasting the config as long as the encryption key is not additionally leaked.
It is compatible with https://github.com/palantir/encrypted-config-value, though unlike that library, serde-encrypted-value does not support RSA.
Usage
Assume we have a conf/encrypted-config-value.key
file that looks like:
AES:NwQZdNWsFmYMCNSQlfYPDJtFBgPzY8uZlFhMCLnxNQE=
And a conf/config.json
file that looks like:
extern crate serde;
extern crate serde_json;
extern crate serde_encrypted_value;
extern crate serde_derive;
use Deserialize;
use Read;
use File;
License
This repository is made available under the Apache 2.0 License.