1

Coming from Python, we are successively adding Rust for new features or replacing Python by Rust for performance reasons. Our code base has configurations, and some contain secrets.

Currently we use the Python Fernet module (the non-Hazardous Material part of the cryptography package) to encrypt and decrypt these secrets. Although there is a fernet crate for rust, it was not possible to build it on MS Windows. This seems to be a general issue.

So, is there a cross platform (Python/Rust)x(Windows/Linux) way to handle secrets in configurations?

We would settle for the formats supported by the Rust config crate. But the config crate also makes no assumption about secrets, so no help or opinion from there.

Wolfgang Kuehn
  • 12,206
  • 2
  • 33
  • 46
  • A cursory search hinted to _Authenticated Encryption with Associated Data_, but the impression was that we have to dig deeper than we hope to do. – Wolfgang Kuehn Mar 07 '22 at 13:24
  • What is your hangup on windows? OpenSSL? It looks like it should be possible: https://stackoverflow.com/questions/55912871/how-to-work-with-openssl-for-rust-within-a-windows-development-environment – PitaJ Mar 07 '22 at 18:11
  • @PitaJ Yes, OpenSSL. I tried using vcpkg to install OpenSSL along one of **many** conflicting recipes, and that one failed after downloading 2GB of packages. – Wolfgang Kuehn Mar 08 '22 at 15:08
  • It appears there's a PR which allows for using rustcrypto instead of openssl. Try specifying it in your dependencies instead: https://github.com/mozilla-services/fernet-rs/pull/65 – PitaJ Mar 08 '22 at 17:09
  • Will try that once PR is merged and crate is published. – Wolfgang Kuehn Mar 08 '22 at 18:01

0 Answers0