serde-encrypted-value
| Crates.io | serde-encrypted-value |
| lib.rs | serde-encrypted-value |
| version | 0.4.7 |
| source | src |
| created_at | 2017-03-07 23:12:02.63065 |
| updated_at | 2024-03-05 19:03:11.651253 |
| description | A Serde Deserializer wrapper which transparently decrypts encrypted values |
| homepage | |
| repository | https://github.com/palantir/serde-encrypted-value |
| max_upload_size | |
| id | 8885 |
| size | 46,577 |
Palantir Technologies (palantirtech)
documentation
README
serde-encrypted-value
Serde deserializer which transparently decrypts embedded encrypted strings.
Application configurations typically consist mostly of non-sensitive information, with a few bits of information that is sensitive such as authentication secrets or cookie encryption keys. Storing those sensitive values in an encrypted form at rest can defend against leakage when, for example, copy/pasting the config as long as the encryption key is not additionally leaked.
It is compatible with https://github.com/palantir/encrypted-config-value, though unlike that library, serde-encrypted-value does not support RSA.
Usage
Assume we have a conf/encrypted-config-value.key file that looks like:
AES:NwQZdNWsFmYMCNSQlfYPDJtFBgPzY8uZlFhMCLnxNQE=
And a conf/config.json file that looks like:
{
"secret_value": "${enc:5BBfGvf90H6bApwfxUjNdoKRW1W+GZCbhBuBpzEogVBmQZyWFFxcKyf+UPV5FOhrw/wrVZyoL3npoDfYjPQV/zg0W/P9cVOw}",
"non_secret_value": "hello, world!"
}
extern crate serde;
extern crate serde_json;
extern crate serde_encrypted_value;
#[macro_use]
extern crate serde_derive;
use serde::Deserialize;
use std::io::Read;
use std::fs::File;
#[derive(Deserialize)]
struct Config {
secret_value: String,
non_secret_value: String,
}
fn main() {
let key = "conf/encrypted-config-value.key";
let key = serde_encrypted_value::Key::from_file(key)
.unwrap();
let mut config = vec![];
File::open("conf/config.json")
.unwrap()
.read_to_end(&mut config)
.unwrap();
let mut deserializer = serde_json::Deserializer::from_slice(&config);
let deserializer = serde_encrypted_value::Deserializer::new(
&mut deserializer, key.as_ref());
let config = Config::deserialize(deserializer).unwrap();
assert_eq!(config.secret_value, "L/TqOWz7E4z0SoeiTYBrqbqu");
assert_eq!(config.non_secret_value, "hello, world!");
}
License
This repository is made available under the Apache 2.0 License.