tony-iqlusion
commented
4 years ago A1: Regarding daemonization, I'd recommend using an init system or other supervisor process. We run Abscissa-based applications as systemd service units, which requires no built-in "daemonization" support.
That said, if you'd like to use a 3rd party daemonization crate, you can customize main.rs as you desire.
A2: Regarding CryptoStream, I wouldn't recommend using that. It's using unauthenticated AES-CBC encryption (generally shunned by cryptographers), and has a rather heavyweight dependency in OpenSSL.
I do so happen to also be author of a number of pure Rust implementations of modern AEAD ciphers. I would suggest using AES-GCM, AES-GCM-SIV, or ChaCha20Poly1305:
https://github.com/RustCrypto/AEADs/
As for integrating something like that with Abscissa, it's TBD. I'd like to add first-class support for secret stores as a trait, and the ability to plug in e.g. cloud secret management services like AWS Parameter Store or GCP Secret Manager.
A3: what kind of keys? cryptographic keys? I would not recommend placing any secret values in executables.
JRAndreassen
Since you have probably resolved these issues in your app... A couple of quick questions...
I'm building a cross-platform agent using Abscissa / Tokio, it will be running on Windows and other platforms... So I need to daemonize it.. 1) Which would be the preferred daemonizing crates ? ceviche-rs I'm leaning towards this one... daemon-rs Old but cross platform
2) Encrypting values in the config(toml) I'm looking at CryptoStream
3) What is the preferred approach to embedding keys in the executable ?
All (constructive :) ) suggestions are welcome