How to tag only certain fields of a struct as encrypted?

laysakura / serde-encrypt

🔐 Encrypts all the Serialize.

Apache License 2.0

177 stars 6 forks source link

How to tag only certain fields of a struct as encrypted? #111

Open gitmalong opened 2 years ago

gitmalong commented 2 years ago

In such a common scenario as outlined below I only want to store the password as encrypted value. How can I achieve that?

struct DatabaseConfig {
  hostname: String,
  user: String,
  password: String
}

laysakura commented 2 years ago

@gitmalong Not directly supported.

You may achieve it by the following workaround, for example.

struct DatabaseConfig {
  hostname: String,
  user: String,
  password: EncryptedMessage,  // https://docs.rs/serde-encrypt/latest/serde_encrypt/struct.EncryptedMessage.html
}

#[derive(Serialize, Deserialize)]
struct Password(String);

impl SerdeEncryptSharedKey for Password {
    type S = BincodeSerializer<Self>;
}

gitmalong commented 1 year ago

What I would like to see is a similar concept like seen in jasypt. It doesn't require to tag fields/structs as encrypted but identifies fields as encrypted when a field's value is wrapped in ENC e.g. ENC(example_encrypted_string).