-
-
Notifications
You must be signed in to change notification settings - Fork 318
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Encrypted configuration backend #295
Conversation
@muesli crypto is not really my strength. Any opinions before I start adding tests here? |
The plan is to also load the password from the environment, to provide a safer alternative to the embedded string in the URL. |
2a88e3d
to
29a6d3c
Compare
BEEHIVE_CONFIG_PASSWORD environment=secret ./beehive --config crypto:///path/to/config can now decrypt an encrypted configuraiton also.
This is ready for 👀 |
Ended up adding an example wrapper to store and retrieve the configuration password from a desktop keyring. |
Looks good to me, nice work, once again! The only remark I have so far: maybe we could drop the fake username (
I know it's technically abusing the username as our password, but it gets rid of the redundant & confusing fake value in the URL, and looks a bit nicer (imo). What do you think? |
I like the idea. |
I'm also adding a cli tool to decrypt/encrypt an existing config. I found that useful. |
Fixed in 8626f31
On a second thought, I'll leave that for a new PR, to reduce the scope here. |
AES configuration backend encrypts Beehive's configuration using symmetric encryption.
Example:
This will use the key
mysecret
to encrypt/decrypt the config file.The encrypted configuration file includes a 12 bytes header (
beehiveconf+
) that makes it possible to identify the file as an encrypted configuration file:Fixes #226