drewart/hen

HEN encryption service and CLI

Overview

A web encryption service that provides a way to store encrypted secrets in config files in the repo.

Features

  • allows configs to be checked into the repo, to provide a KISS approach to secrets

Diagram

TODO

goals and future features

  • check in secure config values
  • have a ui html form to generate egg(s) from string
  • allow developers with a token to check in one-way secure values
  • allow admin and GitLab CI to decrypt, aka "hatch eggs"
  • make it easy to update config values
  • make it easy to change configs
  • make code integrations
  • if integrated into key, environment configs could be built into container image at /config/foo.(dev|stage|prod).json
  • configs could be processed in ci and pushed as secrets to k8s and our container could read the secret
  • future: allow CLI admin edit in vi mode with a temp file and egg(...) replaced with cracked-egg(string)
  • settings in one location, the repo, vs GitLab vars, Terraform, Parameter Store
  • settings not dependent on infra setup
  • future for auth / token
  • future would like to use jwt for tokens
  • proposed server url https://hen.gomonger.io
  • tokens database, use existing jwt token, maybe use token service?
  • maybe values files or direct config edits
  • md5 checksum; why: to validate x sent = x encrypted
  • simplify config
  • Can still use if moving away from json
  • could build into kit and env vars
  • part of ci process could remove parameter store
  • could use k8s secrets to store json
  • can track settings CI changes
  • CON: doesn't allow for dynamic changes without CI
  • configs/settings files can be shipped with image kit
  • could call hen service to decrypt for hen/egg('values')

TODO

  • read up on jwt and how it works
  • read up on tokens, token a service
  • read up on mysql storage
  • setup a service like go-gin

server

export ENCRYPTION_KEY="32-bit-string" 
./hen server

client

./hen protect -m "hello world"
{"egg":"egg(97b2fe93cccdfbb794ca2a5131ee7afe9bac07758797705df2008234b7aa9966652a4f802e9d0c,5eb63bbbe01eeed093cb22bb8f5acdc3)"}

Decrypt curl example with Token

curl -X POST http://localhost:3000/hatch \
     -H 'Content-Type: application/json' \
     -H 'Token: foobar' \
     -d '{"egg":"231d4adc3e9f6a62640e49b882747a376a5a5127401b1d1cdc05c7e2a39ece1ef63e8c58"}'
# {"secret":"test abc"}
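
The egg format shown in the client output, as an added Go example (not the hen project's own code): it builds and hatches `egg(ciphertext,checksum)` and checks the MD5 field after decryption. Assumptions: AES-256-GCM with the 12-byte nonce prepended, which matches the 39-byte ciphertext for the 11-byte "hello world" above and the tutorials under Encryption Ref; `Protect`, `Hatch`, `newGCM` and the `[32]byte` key type are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// newGCM assumes AES-256-GCM; the [32]byte type fixes the key size, so neither call can fail.
func newGCM(key [32]byte) cipher.AEAD {
	block, _ := aes.NewCipher(key[:])
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Protect returns egg(hex(nonce||ciphertext||tag),md5hex(plaintext)).
func Protect(key [32]byte, secret string) (string, error) {
	gcm := newGCM(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, []byte(secret), nil)
	return fmt.Sprintf("egg(%x,%x)", sealed, md5.Sum([]byte(secret))), nil
}

// Hatch parses an egg, decrypts it and compares the MD5 field to the plaintext.
func Hatch(key [32]byte, egg string) (string, error) {
	gcm := newGCM(key)
	body := strings.TrimSuffix(strings.TrimPrefix(egg, "egg("), ")")
	parts := strings.Split(body, ",")
	raw, err := hex.DecodeString(parts[0])
	if err != nil || len(body)+5 != len(egg) || len(parts) != 2 || len(raw) < gcm.NonceSize() {
		return "", errors.New("malformed egg")
	}
	// Open verifies the GCM tag: a modified ciphertext fails here, MD5 or not.
	plain, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
	if err != nil || fmt.Sprintf("%x", md5.Sum(plain)) != parts[1] {
		return "", errors.New("authentication or checksum failure")
	}
	return string(plain), nil
}

func main() { fmt.Println(Protect([32]byte{}, "hello world")) } // constructed all-zero demo key
```

Because the checksum is an unkeyed MD5 of the secret, it is readable by anyone who can read the repo and is identical for equal secrets across configs. The GCM tag already rejects altered ciphertext, so the field adds no integrity protection.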

Encryption Ref

https://tutorialedge.net/golang/go-encrypt-decrypt-aes-tutorial/
https://www.melvinvivas.com/how-to-encrypt-and-decrypt-data-using-aes
