3 releases
0.0.3 | Oct 6, 2024 |
---|---|
0.0.2 | Sep 28, 2024 |
0.0.1 | Sep 28, 2024 |
#443 in Cryptography
20KB
177 lines
EnvEnc - Secure Environment Variable Management
EnvEnc is a Rust crate that helps you securely encrypt and decrypt environment variables using the ChaCha20-Poly1305 or AES256-GCM encryption schemes. Store sensitive information like API keys, database credentials, and other configuration secrets in your .env
file in a secure, encrypted format.
Features
- Encrypt environment variables before storing them.
- Automatically decrypt environment variables when needed.
- Support for secure key and nonce generation.
- Support for multiple encryption algorithms.
Installation
Add envenc
to your Cargo.toml
:
[dependencies]
envenc = "0.0.3"
Usage/Examples
Below is an example of how to encrypt, decrypt, and read environment variables using EnvEnc:
use envenc::{decrypt_env, keys_generation, read_env, read_env_enc, set_enc_env, CipherType};
fn main() {
// Choose cipher type
let cipher_type = CipherType::AES256GCM; // or CipherType::ChaCha20Poly1305
// Generate or retrieve encryption key and nonce
let (key, nonce) = keys_generation(cipher_type);
// Encrypt and set environment variables
set_enc_env(
"DATABASE_URL",
"postgres://user:password@localhost/db",
cipher_type,
&key,
&nonce,
);
set_enc_env(
"API_KEY",
"super_secret_api_key",
cipher_type,
&key,
&nonce,
);
set_enc_env(
"CACHE_SERVER",
"redis://localhost:6379",
cipher_type,
&key,
&nonce,
);
// Read the encrypted environment variables from the .env file
let encrypted_env = read_env_enc();
// Decrypt the environment variables using the key and nonce
decrypt_env(encrypted_env, cipher_type, &key, &nonce);
// Read the decrypted values from the environment variables
let database_url = read_env("DATABASE_URL").unwrap_or("DATABASE_URL not found".to_string());
let api_key = read_env("API_KEY").unwrap_or("API_KEY not found".to_string());
let cache_server = read_env("CACHE_SERVER").unwrap_or("CACHE_SERVER not found".to_string());
// Print the decrypted environment variables
println!("Database URL: {}", database_url);
println!("API Key: {}", api_key);
println!("Cache Server: {}", cache_server);
}
Output
Database URL: postgres://user:password@localhost/db
API Key: super_secret_api_key
Cache Server: redis://localhost:6379
How It Works
- Key and Nonce Generation: The key and nonce are generated using the provided passwords. This ensures that each encryption is securely tied to the passwords.
- Encryption and Storage: Sensitive environment variables are encrypted and stored in the
.env
file. - Decryption: The encrypted variables are decrypted and read back into the runtime environment using the same key and nonce.
Why Use EnvEnc?
- Security: Environment variables are stored in an encrypted format, reducing the risk of exposing sensitive data.
- Ease of Use: Encrypting and decrypting environment variables is as simple as calling a few functions.
- Customization: You can control the passwords used for key and nonce generation, giving you flexibility in how encryption is handled.
Dependencies
~2MB
~30K SLoC