Crate encrypt_config
source ·Expand description
encrypt-config
A rust crate to manage, persist and encrypt your configurations.
Explore the docs »
View Demo
·
Report Bug
·
Request Feature
Table of Contents
About The Project
Sometimes, we need to store config in our application that we don’t want to expose to the public. For example, the database password, the api key, etc.
One solution is to store them in the OS’ secret manager, such as Keychain on macOS, Credential Manager on Windows, libsecret on Linux.
However, they usually have limitation on the secret length. For example, Keychain only allows 255 bytes for the secret, Credential Manager is even shorter. So we can’t store a long secret in it.
Another solution is to store the secret in a file and encrypt it with a rsa public key, and store the private key in the OS’ secret manager. This is what this crate does.
In other cases, maybe our secret is not a String, but a config struct. We can also use this crate to manage it. When invoke Config::get, it will deserialize the config from the cache and return it.
This crate provides 3 ways to manage your config:
Source: A normal source, not persisted or encryptedPersistSource: A source that will be persisted to local file, not encryptedSecretSource: A source that will be persisted to local file and encrypted
This crate also has some optional features:
persist: If enabled, you can use thePersistSourcetrait.secret: If enabled, you can use thePersistSourceand theSecretSourcetrait.mock: If enabled, you can use the mock for testing, which will not use the OS’ secret manager and automatically delete the config file persisted to disk after the test.derive: If enabled, you can use the derive macros to implement theSource,PersistSourceandSecretSourcetrait.default_config_dir: If enabled, the default config dir will be used. Implemented through dirs-next.protobuf: If enabled, protobuf will be used instead of json for better performance. (Not implemented yet)
Built With
- Rust
- Keyring
Usage
(You may see many #[cfg(feature = "...")] in the example below, if you are not familar to Rust, you may not know this attribute is for Conditinal Compile, so that I can test it in cargo test --all-features automatically to ensure all go right.)
You can implement the Source, PersistSource and SecretSource yourself.
use encrypt_config::{Config, SecretSource};
use serde::{Deserialize, Serialize};
#[derive(Serialize, Deserialize, PartialEq, Debug)]
struct Foo(String);
struct SecretSourceImpl;
// impl `SecectSource` trait for `SecretSourceImpl`
impl SecretSource for SecretSourceImpl {
type Value = Foo;
type Map = Vec<(String, Self::Value)>;
#[cfg(not(feature = "default_config_dir"))]
fn path(&self) -> std::path::PathBuf {
std::path::PathBuf::from("../tests").join("secret.conf")
}
#[cfg(feature = "default_config_dir")]
fn source_name(&self) -> String {
"secret.conf".to_owned()
}
fn default(&self) -> Result<Self::Map, Box<dyn std::error::Error>> {
Ok(vec![("secret".to_owned(), Foo("secret".to_owned()))])
}
}
let mut config = Config::new("test"); // Now it's empty
let expect = Foo("secret".to_owned());
config.add_secret_source(SecretSourceImpl).unwrap();
assert_eq!(config.get::<_, Foo>("secret").unwrap(), expect);
// upgrade the secret
let new_expect = Foo("new secret".to_owned());
config.upgrade("secret", &new_expect).unwrap();
assert_eq!(config.get::<_, Foo>("secret").unwrap(), new_expect);
// read from disk
let mut config_new = Config::new("test");
config_new.add_secret_source(SecretSourceImpl).unwrap(); // Read secret config from disk
assert_eq!(config_new.get::<_, Foo>("secret").unwrap(), new_expect); // The persist source is brought backYou can also use the derive macros.
use encrypt_config::{PersistSource, SecretSource, Source};
use serde::{Deserialize, Serialize};
#[derive(Serialize, Deserialize, PartialEq, Debug)]
struct Foo(String);
// To derive [`Source`]
#[derive(Source)]
#[source(value(Foo), default([("key".to_owned(), Foo("value".to_owned()))]))]
struct SourceFoo;
//To derive [`PersistSource`]
#[cfg(not(feature = "default_config_dir"))]
#[derive(PersistSource)]
#[source(value(Foo), path("tests/persist.conf"), default([("key".to_owned(), Foo("value".to_owned()))]))]
struct PersistSourceFoo;
// To derive [`SecretSource`]
#[cfg(not(feature = "default_config_dir"))]
#[derive(SecretSource)]
#[source(value(Foo), path("tests/secret.conf"), default([("key".to_owned(), Foo("value".to_owned()))]))]
struct SecretSourceFoo;For more examples, please refer to the Example or Documentation
Roadmap
- Enable protobuf instead of json for better performance
See the open issues for a full list of proposed features (and known issues).
Contributing
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag “enhancement”. Don’t forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request
License
Distributed under the MIT License. See LICENSE.txt for more information.
Contact
Louis - 836250617@qq.com
Project Link: https://github.com/kingwingfly/encrypt-config
Structs
- A struct that can be used to store configuration values.
Enums
- The Error types of
encrypt config, which is implemented bysnafu.
Traits
- PersistSource
persistA trait for persisted but not encrypted config source. - SecretSource
secretA trait for persisted and encrypted config source. - A trait for normal config source that is neither encrypted or persisted.
Type Aliases
- The Result type of
encrypt config, which is implemented bysnafu.
Derive Macros
- PersistSource
deriveandpersistA derive macro helping implementePersistSourcetrait. - SecretSource
deriveandsecretA derive macro helping implementeSecretSourcetrait. - Source
deriveA derive macro helping implementeSourcetrait.