{"id":17224822,"url":"https://github.com/pseudomuto/rejson","last_synced_at":"2026-02-10T19:08:13.860Z","repository":{"id":192298155,"uuid":"686451187","full_name":"pseudomuto/rejson","owner":"pseudomuto","description":"A Rust port of https://github.com/Shopify/ejson","archived":false,"fork":false,"pushed_at":"2024-12-31T18:46:10.000Z","size":89,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-12-31T18:52:09.569Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pseudomuto.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-09-02T20:50:04.000Z","updated_at":"2024-12-31T18:46:13.000Z","dependencies_parsed_at":"2024-06-21T07:30:11.121Z","dependency_job_id":null,"html_url":"https://github.com/pseudomuto/rejson","commit_stats":null,"previous_names":["pseudomuto/rejson"],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pseudomuto%2Frejson","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pseudomuto%2Frejson/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pseudomuto%2Frejson/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pseudomuto%2Frejson/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pseudomuto","download_url":"https://codeload.github.com/pseudomuto/rejson/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":236369113,"owners_count":19138053,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-15T04:12:04.418Z","updated_at":"2026-02-10T19:08:13.847Z","avatar_url":"https://github.com/pseudomuto.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# (r)EJSON\n\n[![CI](https://github.com/pseudomuto/rejson/actions/workflows/ci.yaml/badge.svg)](https://github.com/pseudomuto/rejson/actions/workflows/ci.yaml)\n[![Latest version](https://img.shields.io/crates/v/rejson.svg)](https://crates.io/crates/rejson)\n[![Docs](https://img.shields.io/badge/docs-rs-blue)](https://docs.rs/rejson/latest)\n[![codecov](https://codecov.io/gh/pseudomuto/rejson/graph/badge.svg?token=pEmI3xM9Ae)](https://codecov.io/gh/pseudomuto/rejson)\n\n`rejson` is a utility for managing a collection of secrets in source control. The secrets are encrypted using\n[public key], [elliptic curve] cryptography ([NaCl] [Box]: [Curve25519] + [Salsa20] + [Poly1305-AES]). Secrets are\ncollected in a JSON file, in which all the string values are encrypted. Public keys are embedded in the file, and\nthe decrypter looks up the corresponding private key from its local filesystem.\n\n\u003e This is a rust port of [EJSON] with a few extra bells and whistles. Full credit should go to the team that made\n\u003e EJSON. No innovation here other than needing Rust bindings and wanting a few extra features I'm not sure belonged\n\u003e upstream.\n\n[public key]: http://en.wikipedia.org/wiki/Public-key_cryptography\n[elliptic curve]: http://en.wikipedia.org/wiki/Elliptic_curve_cryptography\n[NaCl]: http://nacl.cr.yp.to/\n[Box]: http://nacl.cr.yp.to/box.html\n[Curve25519]: http://en.wikipedia.org/wiki/Curve25519\n[Poly1305-AES]: http://en.wikipedia.org/wiki/Poly1305-AES\n[Salsa20]: http://en.wikipedia.org/wiki/Salsa20\n[EJSON]: https://github.com/Shopify/ejson\n\n## Install\n\n**From Releases**\n\n```ignore\ncurl -fsSL https://github.com/pseudomuto/rejson/releases/download/v0.2.0/rejson_0.2.0_$(uname -s)_$(uname -m).tar.gz | tar xzf -\n```\n\n**With Cargo**\n\n`cargo install rejson`\n\nSince this is a drop-in replacement for `ejson` you can add `alias ejson=\"rejson\"` if you like. The expectation is that\nthis is 100% compatible with `ejson` and it only additive. If that's not the case, it's a bug, and I'd appreciate you\nfiling an issue.\n\n### Additions to EJSON\n\n- A `--strip-key` flag on `decrypt` which will remove `_public_key` from the result.\n- `env` command which will export all keys under the top-level `environment` key.\n- `kube-secrets` command which will output K8s secret manifests for values under the `kubernetes` key.\n\n## Usage\n\n### CLI\n\nSee `rejson -h` or (`cargo run -- -h`) for usage details.\n\n```ignore\nA command line utility for managing secrets\n\nUsage: rejson \u003cCOMMAND\u003e\n\nCommands:\n  encrypt  Encrypt one or more EJSON files\n  decrypt  Decrypt an EJSON file\n  keygen   Generate a new EJSON key pair\n  env      Export the all scalar values under the \"environment\" key\n  help     Print this message or the help of the given subcommand(s)\n\nOptions:\n  -h, --help     Print help\n  -V, --version  Print version\n```\n\nTo export all environment values in the environment key, run `eval $(rejson env secrets.ejson)`.\n\n```ignore\n{\n  \"_public_key\": \"...\",\n  \"environment\": {\n    \"SOME_KEY\": \"SOME_VALUE\"\n  }\n}\n```\n\n### Docker\n\nA docker image is published for each release of rEJSON. Usage is similar to using the binary, only the `/keys` and\n`/files` volumes are required for encrypt/decrypt functionality.\n\n```ignore\n# generate a new key pair\ndocker run --rm -it rejson keygen\n\n# encrypt a file to disk\ndocker run --rm -it \\\n  -v $(pwd)/keys:/keys \\\n  -v $(pwd)/secrets:/files \\\n  rejson encrypt /files/secrets.ejson\n\n# decrypt a file to stdout\ndocker run --rm -it \\\n  -v $(pwd)/keys:/keys \\\n  -v $(pwd)/secrets:/files \\\n  rejson decrypt /files/secrets.ejson\n```\n\n### Code\n\n```rust\nuse std::fs;\n\nuse rejson::{KeyPair, SecretsFile};\n\nfn main() -\u003e Result\u003c(), Box\u003cdyn std::error::Error\u003e\u003e {\n    let file = \"examples/data/secrets.ejson\";\n    let mut secrets_file = SecretsFile::load(file).expect(\"failed to load file\");\n    secrets_file.transform(rejson::compact()?)?;\n    secrets_file.transform(rejson::encrypt(\u0026secrets_file)?)?;\n\n    let json = secrets_file.to_string();\n    let data = json.as_bytes();\n    fs::write(file, data)?;\n\n    println!(\"Wrote {} bytes to {}\", data.len(), file);\n    Ok(())\n}\n```\n\nSee the [_examples_](examples/) directory for more.\n\n## Development\n\n### Local Setup\n\n- Make sure you have the nightly toolchain (used for rustfmt only)\n- Add pre-commit to avoid committing malformatted code\n\n```ignore\nln -sf ../../build/pre-commit .git/hooks/pre-commit\n```\n\n### Cutting a New release\n\nRun `build/release \u003cnew_version\u003e`. This will:\n\n- Update version in Cargo.toml\n- Create a new commit with the message \"Release v\u003cversion\u003e\"\n- `git tag -sm \"Release v\u003cversion\" v\u003cversion\u003e`\n- `git push --tags`\n\nOnce the release pipeline has finished and published the crate, run the following to create the GitHub release with\nattached binaries, etc.\n\n```ignore\ntask release\n```\n\nAdd archives to the GitHub release and publish it.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpseudomuto%2Frejson","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpseudomuto%2Frejson","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpseudomuto%2Frejson/lists"}