Expand description
Read and decrypt sealed environment variables.
This crate mirrors the ergonomics of std::env::var, but understands values stored
in the ENCv1:<base64(nonce)>:<base64(ciphertext)> format. If a value is encrypted,
SEALED_KEY must be present in the environment for decryption.
§Quick start
use sealed_env::{var, var_or_plain, var_optional};
std::env::set_var("SEALED_KEY", "<base64-key>");
std::env::set_var("DATABASE_PASSWORD", "ENCv1:...:...");
let secret = var("DATABASE_PASSWORD")?;
let maybe_plain = var_or_plain("MAYBE_PLAINTEXT")?;
let optional = var_optional("OPTIONAL_SECRET")?;§Behavior summary
var: requires the variable to be present and encrypted.var_or_plain: returns plaintext as-is if it is not encrypted.var_optional: returnsOk(None)if not set; otherwise decrypts if needed.
Enums§
- Sealed
EnvError - Errors returned by
sealed-env.
Functions§
- var
- Read an encrypted variable from the process environment.
- var_
optional - Read a variable, returning
Ok(None)if it is not set. - var_
or_ plain - Read a variable and return plaintext as-is if it is not encrypted.