Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/thatscalaguy/skunk-crypt

aes cats-effect encryption postg scala skunk

Last synced: 24 days ago
JSON representation

Host: GitHub
URL: https://github.com/thatscalaguy/skunk-crypt
Owner: ThatScalaGuy
License: apache-2.0
Created: 2024-07-29T12:40:11.000Z (3 months ago)
Default Branch: main
Last Pushed: 2024-09-18T17:26:36.000Z (about 2 months ago)
Last Synced: 2024-10-01T15:59:16.181Z (about 1 month ago)
Topics: aes, cats-effect, encryption, postg, scala, skunk
Language: Scala
Homepage: https://thatscalaguy.github.io/skunk-crypt/
Size: 72.3 KB
Stars: 2
Watchers: 1
Forks: 1
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

README

        # SKUNK CRYPT

## Motivation

Possibility to store columns encrypted in the database. At the application level, the data is available in plain text. The content will be encrypted using AES.

You can encrypt the data in a nondeterministic way, meaning the same plain text will be encrypted to different cipher text each time. Alternatively, you can encrypt the data in a deterministic way, which is helpful if you want to search for the data in the database.

The library is based depend on the latest 1.0 version of the Skunk library.

## Usage

1.) Add the dependency to your project:

```scala

libraryDependencies += "de.thatscalaguy" %% "skunk-crypt" % "0.0.1"

```

2.) Create a implicit CryptContext object with the keys you want to use.

```scala

implicit val c = CryptContext

        .keysFromHex(

          "c0e5c54c2a40c95b40d6e837a9c147d4cd7cadeccc555e679efed48f726a5fef"

        )

        .get

```

Only the last key will be use for encryption and decryption. The other keys are used to decrypt the data encrypted with the last key. (Simple way of manuel key rotation)

3.) Use it in your code:

```scala

import de.thatscalaguy.skunkcrypt.crypt // for non deterministic encryption

import de.thatscalaguy.skunkcrypt.cryptd // for deterministic encryption

session.execute(

    sql"INSERT INTO test (string, numbers) VALUES (${crypt.text}, ${crypt.int4})".command

)("Hello", 123)

session.execute(

    sql"SELECT * FROM test".query(crypt.text ~ crypt.int4)

)

```

All columns intended for storing encrypted data must be of type `TEXT` in the database.

e.g.:

```sql

CREATE TABLE test (

    string TEXT,

    numbers TEXT

)

```