glm_vault is a gleam library to enable reading and writing secrets to and from a encrypted files. glm_vault is
inspired by Ansible Vault, and depends on glm_encrypted_file which depends on openssl.
Please read the glm_encrypted_file to understand the implications of using this library.
A vault is an opaque container for a dictionary. Keys are strings, and values are restricted to the following types: String, Bool, Int, Float. The vault is in memory and not encrypted.
The vault can be serialized and deserialized to an encrypted file. Vaults are serialized as toml, then written to a temporary file, and subsequently encrypted using openssl. Vaults are deserialized by decrypting an encrypted file, again using openssl. The decrypted plaintext is then parsed as toml and the resulting dictionary is wrapped with a vault.
The other way to create a vault is programatically. Examples of both below:
- Nested keys are NOT supported.
- Other value types are NOT supported.
gleam add glm_vaultimport gleam/dict
import gleam/result
import glm_vault/vault
import tom
pub fn main() -> Result(Nil, Nil) {
// file to serialize a vault to
let encrypted_file = "./encrypted_vault"
// the password file must exist and contain some sort of password text
let password_file = "./vault_password"
// create secrets
let secrets =
dict.from_list([
#("str", tom.String("hello")),
#("bool", tom.Bool(True)),
#("int", tom.Int(0)),
#("float", tom.Float(1.234)),
])
// create a vault
let v1 = vault.new_vault(secrets)
// serialize the vault to an encrypted file
let _ = vault.encrypt(v1, encrypted_file, password_file)
// de-serialize the vault from an encrypted file
case vault.decrypt(encrypted_file, password_file) {
Error(_) -> panic
Ok(v2) -> {
use decrypted_str <- result.try(
vault.get_string(v2, "str")
|> result.map_error(fn(_) { Nil }),
)
echo "decrypted_str "
echo decrypted_str
Ok(Nil)
}
}
}Further documentation can be found at https://hexdocs.pm/glm_vault.
gleam run # Run the project
gleam test # Run the tests