Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/aerth/seconfig
super easy encrypted config
https://github.com/aerth/seconfig
configuration configuration-files secret-management
Last synced: about 2 months ago
JSON representation
super easy encrypted config
- Host: GitHub
- URL: https://github.com/aerth/seconfig
- Owner: aerth
- License: mit
- Created: 2017-12-07T08:49:15.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2018-09-17T00:08:41.000Z (about 6 years ago)
- Last Synced: 2024-06-28T20:53:14.060Z (3 months ago)
- Topics: configuration, configuration-files, secret-management
- Language: Go
- Homepage:
- Size: 38.1 KB
- Stars: 14
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# seconfig
[![GoDoc](https://godoc.org/github.com/aerth/seconfig?status.svg)](https://godoc.org/github.com/aerth/seconfig)
Lock your program's config file
## **warnings**
* Needs security audit, code review.
* Will most likely have breaking, backwards-incompatible-changes until stable.
* It is up to your application to retrieve user input and handle hashing.
* Key size **must** be 32 bytes. You can use the provided hash package to achieve this.
* Probably not safe to use yet. Pull requests welcome.## **usage**
#### **Step One**
Create and initialize a config struct with data. You make your own Config type with its own fields.
Sorry, no func or chan fields, limited by `json` package. (how would you even marshal these?)
```
type Config struct {
Interface string,
Port int,
Name string,
}
config := Config{
Interface: "0.0.0.0",
Port: 8080,
Name: "my server",
}```
#### **Step Two**##### Encryption
Marshal and encrypt the config struct into a slice of encrypted bytes.
Key needs to be 32 bytes, either generate random 32 bytes (and store as key file somewhere), or hash a password to achieve 32 bytes.
```
// pick a salt. not []byte{0,4,2,8}.
password := GetUserInput()
hashed := hash.Scrypt([]byte(password), []byte("my salt 010"))
```Implement your own **Hashing**:
```
keyBytes := Hash(GetUserInput()) // somehow read stdin and hash it, getting 32 byte key
b, err := seconfig.Key(keyBytes)).Marshal(config)
```Or, use **Padding**, probably not good:
```
b, err := seconfig.Pad("12341234123412341234123412341234").Key(GetUserInput()).Marshal(config)
```#### **Step Three**
##### Decryption
Unmarshal the data into a config struct using **Unlock()**:
```
myconfig := new(Config)
err := seconfig.Key(keyBytes).Unlock(b, &myconfig)
```or, decrypt using **Raw()**:
```
locked := seconfig.Key(keyBytes).RawLock(b)
unlocked := seconfig.Key(keyBytes).Raw(b)
```