Crate envenc

Source
Expand description

§EnvEnc - Secure Environment Variable Management

EnvEnc is a Rust crate that helps you securely encrypt and decrypt environment variables using the ChaCha20-Poly1305 or AES256-GCM encryption schemes.

Store sensitive information like API keys, database credentials, and other configuration secrets in your .env file in a secure, encrypted format.

§Features

  • Encrypt environment variables before storing them.
  • Automatically decrypt environment variables when needed.
  • Support for secure key and nonce generation.
  • Support for multiple encryption algorithms.

§Usage

Below is an example of how to encrypt, decrypt, and read environment variables using EnvEnc:

use envenc::{decrypt_env, keys_generation, read_env, read_env_enc, set_enc_env, CipherType};

fn main() {
    // Choose cipher type
    let cipher_type = CipherType::AES256GCM; // or CipherType::ChaCha20Poly1305

    // Generate encryption key and nonce
    let (key, nonce) = keys_generation(cipher_type);

    // Encrypt and set environment variables
    set_enc_env(
        "DATABASE_URL",
        "postgres://user:password@localhost/db",
        cipher_type,
        &key,
        &nonce,
    );
    set_enc_env(
        "API_KEY",
        "super_secret_api_key",
        cipher_type,
        &key,
        &nonce,
    );
    set_enc_env(
        "CACHE_SERVER",
        "redis://localhost:6379",
        cipher_type,
        &key,
        &nonce,
    );

    // Read the encrypted environment variables from the .env file
    let encrypted_env = read_env_enc();

    // Decrypt the environment variables using the key and nonce
    decrypt_env(encrypted_env, cipher_type, &key, &nonce);

    // Read the decrypted values from the environment variables
    let database_url = read_env("DATABASE_URL").unwrap_or("DATABASE_URL not found".to_string());
    let api_key = read_env("API_KEY").unwrap_or("API_KEY not found".to_string());
    let cache_server = read_env("CACHE_SERVER").unwrap_or("CACHE_SERVER not found".to_string());

    // Print the decrypted environment variables
    println!("Database URL: {}", database_url);
    println!("API Key: {}", api_key);
    println!("Cache Server: {}", cache_server);
}

§How It Works

  1. Key and Nonce Generation: The key and nonce are generated using secure random bytes. This ensures that each encryption is securely tied to unique keys.
  2. Encryption and Storage: Sensitive environment variables are encrypted and stored in the .env file.
  3. Decryption: The encrypted variables are decrypted and read back into the runtime environment using the same key and nonce.

§Why Use EnvEnc?

  • Security: Environment variables are stored in an encrypted format, reducing the risk of exposing sensitive data.
  • Ease of Use: Encrypting and decrypting environment variables is as simple as calling a few functions.
  • Customization: You can choose between different encryption algorithms, giving you flexibility in how encryption is handled.

Enums§

CipherType
Enum to represent different cipher types.

Functions§

decrypt
Decrypts data based on the cipher type.
decrypt_env
Decrypts the provided environment variables using the provided cipher, key, and nonce, and sets them in the current process environment.
encrypt
Encrypts data based on the cipher type.
keys_generation
Generates or retrieves the encryption key and nonce based on the cipher type.
read_env
Reads the value of a decrypted environment variable by its name.
read_env_enc
Reads all encrypted environment variables from the .env file.
set_enc_env
Encrypts and stores an environment variable using the provided cipher, key, and nonce.