Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/aerth/seconfig

super easy encrypted config
https://github.com/aerth/seconfig

configuration configuration-files secret-management

Last synced: about 2 months ago
JSON representation

super easy encrypted config

Host: GitHub
URL: https://github.com/aerth/seconfig
Owner: aerth
License: mit
Created: 2017-12-07T08:49:15.000Z (almost 7 years ago)
Default Branch: master
Last Pushed: 2018-09-17T00:08:41.000Z (about 6 years ago)
Last Synced: 2024-06-28T20:53:14.060Z (3 months ago)
Topics: configuration, configuration-files, secret-management
Language: Go
Homepage:
Size: 38.1 KB
Stars: 14
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # seconfig

[![GoDoc](https://godoc.org/github.com/aerth/seconfig?status.svg)](https://godoc.org/github.com/aerth/seconfig)

Lock your program's config file

## **warnings**

  * Needs security audit, code review.

  * Will most likely have breaking, backwards-incompatible-changes until stable.

  * It is up to your application to retrieve user input and handle hashing.

  * Key size **must** be 32 bytes. You can use the provided hash package to achieve this.

  * Probably not safe to use yet. Pull requests welcome.

## **usage**

#### **Step One**

Create and initialize a config struct with data. You make your own Config type with its own fields.

Sorry, no func or chan fields, limited by `json` package. (how would you even marshal these?)

```

type Config struct {

  Interface string,

  Port int,

  Name string,

}

config := Config{

  Interface: "0.0.0.0",

  Port:      8080,

  Name:      "my server",

}

```

#### **Step Two**

##### Encryption

Marshal and encrypt the config struct into a slice of encrypted bytes.

Key needs to be 32 bytes, either generate random 32 bytes (and store as key file somewhere), or hash a password to achieve 32 bytes.

```

// pick a salt. not []byte{0,4,2,8}.

password := GetUserInput()

hashed := hash.Scrypt([]byte(password), []byte("my salt 010"))

```

Implement your own **Hashing**:

```

keyBytes := Hash(GetUserInput()) // somehow read stdin and hash it, getting 32 byte key

b, err := seconfig.Key(keyBytes)).Marshal(config)

```

Or, use **Padding**, probably not good:

```

b, err := seconfig.Pad("12341234123412341234123412341234").Key(GetUserInput()).Marshal(config)

```

#### **Step Three**

##### Decryption

Unmarshal the data into a config struct using **Unlock()**:

```

myconfig := new(Config)

err := seconfig.Key(keyBytes).Unlock(b, &myconfig)

```

or, decrypt using **Raw()**:

```

locked := seconfig.Key(keyBytes).RawLock(b)

unlocked := seconfig.Key(keyBytes).Raw(b)

```