envenc
| Crates.io | envenc |
| lib.rs | envenc |
| version | 0.0.3 |
| source | src |
| created_at | 2024-09-28 03:30:12.86697 |
| updated_at | 2024-10-06 02:51:18.27468 |
| description | A crate for managing encrypted environment variables using either AES or ChaCha20Poly1305 |
| homepage | |
| repository | https://github.com/Stipulations/EnvEnc |
| max_upload_size | |
| id | 1389730 |
| size | 25,093 |
(Stipulations)
documentation
https://docs.rs/envenc
README
EnvEnc - Secure Environment Variable Management
EnvEnc is a Rust crate that helps you securely encrypt and decrypt environment variables using the ChaCha20-Poly1305 or AES256-GCM encryption schemes. Store sensitive information like API keys, database credentials, and other configuration secrets in your .env file in a secure, encrypted format.
Features
- Encrypt environment variables before storing them.
- Automatically decrypt environment variables when needed.
- Support for secure key and nonce generation.
- Support for multiple encryption algorithms.
Installation
Add envenc to your Cargo.toml:
[dependencies]
envenc = "0.0.3"
Usage/Examples
Below is an example of how to encrypt, decrypt, and read environment variables using EnvEnc:
use envenc::{decrypt_env, keys_generation, read_env, read_env_enc, set_enc_env, CipherType};
fn main() {
// Choose cipher type
let cipher_type = CipherType::AES256GCM; // or CipherType::ChaCha20Poly1305
// Generate or retrieve encryption key and nonce
let (key, nonce) = keys_generation(cipher_type);
// Encrypt and set environment variables
set_enc_env(
"DATABASE_URL",
"postgres://user:password@localhost/db",
cipher_type,
&key,
&nonce,
);
set_enc_env(
"API_KEY",
"super_secret_api_key",
cipher_type,
&key,
&nonce,
);
set_enc_env(
"CACHE_SERVER",
"redis://localhost:6379",
cipher_type,
&key,
&nonce,
);
// Read the encrypted environment variables from the .env file
let encrypted_env = read_env_enc();
// Decrypt the environment variables using the key and nonce
decrypt_env(encrypted_env, cipher_type, &key, &nonce);
// Read the decrypted values from the environment variables
let database_url = read_env("DATABASE_URL").unwrap_or("DATABASE_URL not found".to_string());
let api_key = read_env("API_KEY").unwrap_or("API_KEY not found".to_string());
let cache_server = read_env("CACHE_SERVER").unwrap_or("CACHE_SERVER not found".to_string());
// Print the decrypted environment variables
println!("Database URL: {}", database_url);
println!("API Key: {}", api_key);
println!("Cache Server: {}", cache_server);
}
Output
Database URL: postgres://user:password@localhost/db
API Key: super_secret_api_key
Cache Server: redis://localhost:6379
How It Works
- Key and Nonce Generation: The key and nonce are generated using the provided passwords. This ensures that each encryption is securely tied to the passwords.
- Encryption and Storage: Sensitive environment variables are encrypted and stored in the
.envfile. - Decryption: The encrypted variables are decrypted and read back into the runtime environment using the same key and nonce.
Why Use EnvEnc?
- Security: Environment variables are stored in an encrypted format, reducing the risk of exposing sensitive data.
- Ease of Use: Encrypting and decrypting environment variables is as simple as calling a few functions.
- Customization: You can control the passwords used for key and nonce generation, giving you flexibility in how encryption is handled.