{"id":20476642,"url":"https://github.com/rabbitmq/credentials-obfuscation","last_synced_at":"2025-04-10T17:13:30.558Z","repository":{"id":35070930,"uuid":"202088332","full_name":"rabbitmq/credentials-obfuscation","owner":"rabbitmq","description":"Tiny library/OTP app for credential obfuscation","archived":false,"fork":false,"pushed_at":"2024-08-05T15:13:15.000Z","size":172,"stargazers_count":14,"open_issues_count":1,"forks_count":9,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-03-24T15:01:35.200Z","etag":null,"topics":["elixir","erlang","obfuscation"],"latest_commit_sha":null,"homepage":"","language":"Erlang","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rabbitmq.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-08-13T07:24:45.000Z","updated_at":"2024-08-17T16:57:52.000Z","dependencies_parsed_at":"2025-01-26T23:32:41.552Z","dependency_job_id":null,"html_url":"https://github.com/rabbitmq/credentials-obfuscation","commit_stats":{"total_commits":82,"total_committers":13,"mean_commits":"6.3076923076923075","dds":0.5365853658536586,"last_synced_commit":"318ac66df8eecdfb478735b7d4e088338d7111e7"},"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rabbitmq%2Fcredentials-obfuscation","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rabbitmq%2Fcredentials-obfuscation/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rabbitmq%2Fcredentials-obfuscation/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rabbitmq%2Fcredentials-obfuscation/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rabbitmq","download_url":"https://codeload.github.com/rabbitmq/credentials-obfuscation/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248261911,"owners_count":21074225,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["elixir","erlang","obfuscation"],"created_at":"2024-11-15T15:22:10.165Z","updated_at":"2025-04-10T17:13:30.541Z","avatar_url":"https://github.com/rabbitmq.png","language":"Erlang","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Credential Obfuscator\n\nThis is a small library OTP application that acts as a helper. It encrypts and decrypts sensitive data\ntypically stored in processes state with a one-off key (key material must be provided on node start).\nOne example of such sensitive data is credentials used to access remote services.\n\nThis is necessary to avoid the sensitive values logged when process state is dumped by\nthe Erlang runtime (`error_logger`).\n\nNote that this application **cannot protect against heap dumping attacks** and only helps\navoid sensitive data appearing in log files.\n\n## Supported Erlang/OTP Versions\n\nThis library uses the modern `crypto` API and **requires Erlang 23.2 or a later version**.\n\n## Usage\n\nFirst, make the `credentials_obfuscation` application a dependency of your project.\n\nThen, during the start-up of your application, and after the `credentials_obfuscation` application starts,\nprovide the secret value:\n\n``` erl\nCookieBin = atom_to_binary(erlang:get_cookie(), latin1),\ncredentials_obfuscation:set_secret(CookieBin)\n```\n\nTo use a random value, do the following:\n\n``` erl\nBytes = crypto:strong_rand_bytes(128),\ncredentials_obfuscation:set_secret(Bytes)\n```\n\nTo encrypt and decrypt a binary or list value:\n\n``` erl\nEncrypted = credentials_obfuscation:encrypt(\u003c\u003c\"abc\"\u003e\u003e).\n% =\u003e {encrypted,\u003c\u003c\"KdH0bP4CYasbA3X79nKShEJhajQ7D7wz1G4yqJmDS4d7zRuuUhAPuQKxdDVgxQtO\"\u003e\u003e}\n\ncredentials_obfuscation:decrypt(Encrypted).\n% =\u003e \u003c\u003c\"abc\"\u003e\u003e\n```\n\nLists (char lists in Elixir) will be converted to binaries before encryption.\nThis means that decrypted values will alwyas be returned as binaries.\n\nLists here mean \"byte lists\", that is Unicode characters are not\nsupported. This should still be sufficient for encryption of\nURIs, generated credentials, and many kinds of sensitive identifiers.\n\n## License and Copyright\n\nSee [LICENSE](./LICENSE).\n\n(c) 2019-2023 VMware, Inc or its affiliates.\n\n(c) 2023-2024 Broadcom, Inc or its subsidiaries.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frabbitmq%2Fcredentials-obfuscation","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frabbitmq%2Fcredentials-obfuscation","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frabbitmq%2Fcredentials-obfuscation/lists"}