Expand description
§rust-config-secrets
rust-config-secrets is a library designed to safely manage secrets within configuration files.
It allows you to encrypt sensitive data (like passwords, API keys) directly within your config strings
or files, and decrypt them at runtime.
§Features
- Encryption: Encrypt plain text configuration strings or files.
- Decryption: Decrypt configuration strings or files containing
SECRET(...)blocks. - Key Generation: Generate secure random keys for AES-256-GCM encryption.
- Format Agnostic: Works with JSON, YAML, TOML, INI, or any text-based format.
§Usage
use rust_config_secrets::{encrypt_secrets, decrypt_secrets, generate_key};
let key = generate_key();
let config = r#"{ "password": "ENCRYPT(my_secret_password)" }"#;
// Encrypt the configuration
let encrypted_config = encrypt_secrets(config, &key).unwrap();
assert!(encrypted_config.contains("SECRET("));
// Decrypt the configuration
let decrypted_config = decrypt_secrets(&encrypted_config, &key).unwrap();
assert!(decrypted_config.contains(r#""password": "my_secret_password""#));Enums§
- Config
Secrets Error - Errors that can occur during configuration secret management.
Functions§
- decrypt_
file - Decrypts a configuration file and returns the content as a string.
- decrypt_
secrets - Decrypts all
SECRET(...)blocks in the provided string. - decrypt_
value - Decrypts a single value. Accepts either
SECRET(...)format or raw encoded string. - encrypt_
file - Reads a file, encrypts its secrets, and writes the result to a different output file.
- encrypt_
file_ in_ place - Reads a file, encrypts its secrets, and overwrites the file with the result.
- encrypt_
secrets - Encrypts all
ENCRYPT(...)blocks in the provided string, converting them toSECRET(...). - encrypt_
secrets_ to_ file - Encrypts secrets in a string and writes the result to a file.
- encrypt_
value - Encrypts a single value and returns the encoded ciphertext.
- generate_
key - Generates a random 32-byte AES key and returns it as an alphanumeric encoded string.