README
¶
Envcrypto
Proof of Concept
Demo
datadir=$(mktemp -d)
# Generate an age keypair:
age-keygen -o "$datadir/age-key.txt"
age_public_key=$(age-keygen -y "$datadir/age-key.txt")
# Generate a new envcrypto environment:
envcrypto generate > "$datadir/envcrypto.env"
# Use sops to encrypt the private key with the age key:
sops --encrypt --age "$age_public_key" --encrypted-regex "PRIVATE_KEY" "$datadir/envcrypto.env" > "$datadir/envcrypto.sops.env"
# Encrypt a value with the envcrypto public key, and write it to a dotenv file:
echo "DOTENV_EXAMPLE=$(envcrypto -f "$datadir/envcrypto.sops.env" encrypt "hello dotenv")" > "$datadir/example.env"
# Decrypt the value by using the embedded support for sops:
SOPS_AGE_KEY_FILE="$datadir/age-key.txt" envcrypto --sops "$datadir/envcrypto.sops.env" -f "$datadir/example.env" get DOTENV_EXAMPLE
# Encrypt a value with the envcrypto public key, and export it:
export "ENV_EXAMPLE=$(envcrypto -f "$datadir/envcrypto.sops.env" encrypt "hello environment")"
# Decrypt the value by using the embedded support for sops:
SOPS_AGE_KEY_FILE="$datadir/age-key.txt" envcrypto --sops "$datadir/envcrypto.sops.env" get ENV_EXAMPLE
# Clean up:
rm -rf "$datadir"
Documentation
¶
Overview ¶
Example ¶
package main
import (
"fmt"
"os"
"path/filepath"
"go.mozilla.org/sops/v3/cmd/sops/formats"
"go.mozilla.org/sops/v3/decrypt"
"golang.org/x/exp/slices"
"htdvisser.dev/exp/envcrypto"
)
func main() {
var allFiles []string
matches, err := filepath.Glob("testdata/example/*.env")
if err != nil {
panic(err)
}
for _, match := range matches {
if !slices.Contains(allFiles, match) {
allFiles = append(allFiles, match)
}
}
envFilesSource, err := envcrypto.NewEnvFilesSource(nil, allFiles...)
if err != nil {
panic(err)
}
os.Setenv("SOPS_AGE_KEY_FILE", "testdata/example/age-key.txt")
fileSource := envFilesSource.GetFile("testdata/example/sops.env")
if fileSource == nil {
fileSource, err = envcrypto.NewEnvFileSource(nil, "testdata/example/sops.env")
if err != nil {
panic(err)
}
envFilesSource.AppendSource(fileSource)
}
err = fileSource.Replace(func(data []byte) ([]byte, error) {
return decrypt.DataWithFormat(data, formats.Dotenv)
})
if err != nil {
panic(err)
}
box, err := envcrypto.Open(envFilesSource)
if err != nil {
panic(err)
}
exampleValue, err := box.Get("DOTENV_EXAMPLE")
if err != nil {
panic(err)
}
fmt.Println(exampleValue)
}
Output: hello dotenv
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type EnvFileSource ¶
type EnvFileSource struct {
// contains filtered or unexported fields
}
func NewEnvFileSource ¶
func NewEnvFileSource(fsys fs.FS, name string) (*EnvFileSource, error)
func (*EnvFileSource) Keys ¶
func (s *EnvFileSource) Keys() []string
type EnvFilesSource ¶
type EnvFilesSource struct {
// contains filtered or unexported fields
}
func NewEnvFilesSource ¶
func NewEnvFilesSource(fsys fs.FS, paths ...string) (*EnvFilesSource, error)
func (*EnvFilesSource) AppendSource ¶
func (s *EnvFilesSource) AppendSource(file *EnvFileSource)
func (*EnvFilesSource) GetFile ¶
func (s *EnvFilesSource) GetFile(path string) *EnvFileSource
func (*EnvFilesSource) Keys ¶
func (s *EnvFilesSource) Keys() []string
func (*EnvFilesSource) PrependSource ¶
func (s *EnvFilesSource) PrependSource(file *EnvFileSource)
type MultiSource ¶
type MultiSource = multiSource[Source]
type OptionFunc ¶
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.