Closed rubiojr closed 4 years ago
@muesli crypto is not really my strength. Any opinions before I start adding tests here?
The plan is to also load the password from the environment, to provide a safer alternative to the embedded string in the URL.
This is ready for :eyes:
Ended up adding an example wrapper to store and retrieve the configuration password from a desktop keyring.
Looks good to me, nice work, once again!
The only remark I have so far: maybe we could drop the fake username (x
in the example crypto URL) and instead allow for it to be set as the password, so the URL could look like:
crypto://mysecret@/home/rubiojr/beehive.conf
I know it's technically abusing the username as our password, but it gets rid of the redundant & confusing fake value in the URL, and looks a bit nicer (imo).
What do you think?
What do you think?
I like the idea.
I'm also adding a cli tool to decrypt/encrypt an existing config. I found that useful.
The only remark I have so far: maybe we could drop the fake username (x in the example crypto URL) and instead allow for it to be set as the password, so the URL could look like:
Fixed in 8626f31
I'm also adding a cli tool to decrypt/encrypt an existing config. I found that useful.
On a second thought, I'll leave that for a new PR, to reduce the scope here.
AES configuration backend encrypts Beehive's configuration using symmetric encryption.
Example:
This will use the key
mysecret
to encrypt/decrypt the config file.The encrypted configuration file includes a 12 bytes header (
beehiveconf+
) that makes it possible to identify the file as an encrypted configuration file:Fixes https://github.com/muesli/beehive/issues/226