Crates.io | cargo-pwhide |
lib.rs | cargo-pwhide |
version | 0.3.4 |
source | src |
created_at | 2023-08-25 13:16:55.1615 |
updated_at | 2023-08-25 15:28:10.237385 |
description | pwhide encrypts passwords using the crate name as secret. This is marginally better than plain text. It is a tool for encryption and a lib to do runtime decryption. |
homepage | https://github.com/opensource-inemar-net/cargo-pwhide |
repository | https://github.com/opensource-inemar-net/cargo-pwhide |
max_upload_size | |
id | 954715 |
size | 32,108 |
This tooling allows you to hide/obfuscate passwords. It adds no security.
Unfortunately, secret management is not available everywhere, especially in internal tools. Without secret management, passwords must be handled in a non-secure way.
The worst option is to commit passwords in plain text in config files to git. Slightly less bad is to keep them in clear text in config files on the server.
This tooling tries to make it easy to hide the passwords from somebody who is just looking at the git content and is not spending time trying to decrypt the passwords.
The solution doesn't provide any real security.
The solution consists of two parts: a command-line tool for encryption and a library for runtime decryption. Install the tool with:
cargo install cargo-pwhide
This allows you to encrypt or decrypt a password with
cargo pwhide encrypt [password] or cargo pwhide decrypt [password]
This must be executed in a directory with a valid Cargo.toml file. The secret for encryption and decryption is the name of the crate. Because the crate name is stored in Cargo.toml alongside the code, anyone who can read the repository can derive the secret.
Each encryption run produces a different output, because a random nonce is selected. Encryption is done using ChaCha20-Poly1305 with base62 encoding.
Install the library by adding this to your Cargo.toml:
cargo-pwhide = {version="*", features=["lib"], default-features = false}
This includes only the minimum number of dependencies.
The easiest way to use it is with the simple macro
use cargo_pwhide::pwdecrypt;
let clear_text=pwdecrypt!(encrypted_password);
The macro
pwdecrypt!(encrypted_password) -> String expands to
pwdecrypt(env!("CARGO_PKG_NAME"),encrypted_password) -> String
Instead of using the macro, the decrypt function can also be called directly.
pwdecrypt (secret:Into
It should be called with pwdecrypt(env!("CARGO_PKG_NAME"),encrypted_password)
If anybody needs this, the following enhancements would be made:
remove dependencies for clap etc. if just doing decryption
allow to specify the secret for encryption
allow to use a static nonce for reproducible encryption