Encrypt and decrypt secrets in Vapor 4
Encrypting data securely is a process that needs to be done "just right". By any deviation you will be degrading the strength of your encryption so please follow the steps described below to the point.
Use included RandomGenerator app to generate an array of trully randomised bytes. You can of course generate your own sequence, just make sure the data is 32 bytes long, has not been generated from a string (strings are much simpler then random Data generated using URandom) and the whole thing is base64 encoded.
You can install random-generator utility via brew
brew tap einstore/homebrew-tap
brew install random-generatorIf you run RandomGenerator from this package, it should output what you need right away.
In
Debugmode, when noSECRETis set a default value will be used. This functionality will break if you switch toProduction!
By default the library will be looking for SECRET environmental variable. You can change the name of the variable before the library is used for the first time (probably in your configure method) by modifying the Secrets.envVarName static property.
There is more ways to use the library, below are just basic examples
let string = "hello"
let secret = try Secrets.encrypt(string)
let result = try Secrets.decrypt(string: secret)
// or
let string = "hello"
let secret = try Secrets.encrypt(asData: string)
let result = try Secrets.decrypt(string: secret)let data = "hello".data(using: .utf8)!
let secret = try Secrets.encrypt(data)
let result = try Secrets.decrypt(data: secret)Ondrej Rafaj - @rafiki270
Licensed under MIT; Copyright Einstore 2019