confguard

Crates.ioconfguard
lib.rsconfguard
version3.2.0
created_at2025-07-03 21:23:14.890893+00
updated_at2025-07-03 21:23:14.890893+00
descriptionGuard your sensitive configuration files
homepage
repositoryhttps://github.com/sysid/rs-cg
max_upload_size
id1737047
size295,024
sysid (sysid)

documentation

README

ConfGuard

A Rust-based configuration management tool for securing and managing environment files across different deployment stages.

Overview

ConfGuard helps manage sensitive configuration files by:

  • Moving configuration files to a secure, centralized location
  • Creating symbolic links to maintain project structure
  • Supporting multiple environment configurations (local, test, integration, production)
  • Integrating with SOPS for encryption/decryption workflows
  • Providing IDE integration for development workflows

Features

Core Functionality

  • Guard Projects: Secure existing projects by moving .envrc files to a managed location
  • Multi-Environment Support: Automatically creates environment files for different stages
  • Symbolic Link Management: Maintains project structure while securing configurations
  • SOPS Integration: Built-in support for encrypting/decrypting sensitive files
  • IDE Integration: Creates IntelliJ/VSCode run configurations

Environment Files

When guarding a project, ConfGuard automatically creates multiple environment files:

  • local.env - Local development environment
  • test.env - Testing environment
  • int.env - Integration/staging environment
  • prod.env - Production environment

Each file contains export RUN_ENV="<environment>" to identify the active environment.

Installation

cargo install --path .

Usage

Basic Commands

Guard a Project

Secure an existing project with a .envrc file:

confguard guard /path/to/project

This will:

  1. Move the .envrc file to a secure location
  2. Create a symbolic link in its place
  3. Generate environment files (local.env, test.env, int.env, prod.env)
  4. Set up SOPS environment structure
  5. Create IDE run configurations

Show Project Status

Display information about a guarded project:

confguard show /path/to/project

Unguard a Project

Remove ConfGuard management and restore original files:

confguard unguard /path/to/project

Initialize New Project

Create a new .envrc file from template:

confguard init /path/to/project

Advanced Commands

Guard Single File

Guard an individual file within a project:

confguard guard-one /path/to/project /path/to/file

Relink Configurations

Restore broken symbolic links:

confguard relink /path/to/dot.envrc

Replace Link with Target

Convert a symbolic link back to a regular file:

confguard replace-link /path/to/link

Fix Run Configurations

Update IDE run configurations:

confguard fix-run-config /path/to/project

SOPS Integration

Initialize SOPS Configuration

confguard sops-init [--template /path/to/template]

Encrypt Files

confguard sops-enc [--dir /path/to/directory]

Decrypt Files

confguard sops-dec [--dir /path/to/directory]

Clean Encrypted Files

confguard sops-clean [--dir /path/to/directory]

Configuration

Environment Variables

  • CONFGUARD_BASE_DIR: Override default base directory (default: $HOME/xxx/rs-cg)
  • CONFGUARD_VERSION: Override configuration version

File Structure

When a project is guarded, files are organized as:

$CONFGUARD_BASE_DIR/
├── guarded/
│   └── <project-name-uuid>/
│       ├── dot.envrc              # Original .envrc content
│       └── environments/
│           ├── local.env          # export RUN_ENV="local"
│           ├── test.env           # export RUN_ENV="test"
│           ├── int.env            # export RUN_ENV="int"
│           └── prod.env           # export RUN_ENV="prod"
└── confguard.toml                 # SOPS configuration

SOPS Configuration

Create confguard.toml in your base directory:

gpg_key = "your-gpg-key-id"

file_extensions_enc = ["env"]
file_names_enc = ["local.env", "test.env"]

file_extensions_dec = ["enc"]
file_names_dec = []

Development

Building

cargo build --release

Testing

# Run all tests
cargo test -- --test-threads=1

# Run specific test module
cargo test core::guard

Project Structure

src/
├── cli/           # Command-line interface
├── core/          # Core guarding functionality
├── sops/          # SOPS encryption integration
├── util/          # Utility functions
└── errors.rs      # Error handling with thiserror

Error Handling

ConfGuard uses thiserror for structured error handling, providing specific error types for different failure scenarios:

  • File system operations
  • Configuration validation
  • SOPS integration
  • Project state validation

Contributing

  1. Follow Rust style guidelines
  2. Add tests for new functionality
  3. Update documentation
  4. Ensure all tests pass: cargo test -- --test-threads=1

License

[License information would go here]

Commit count: 0

cargo fmt