We've just released a pure rust implementation of the SecureStore open format for storing secrets and passwords in encrypted, human-readable files alongside your code, even under version control.
Instead of relying on external services, password-as-a-service providers, or writing out passwords in your source code, SecureStore provides an easy-to-use CLI utility to create and manage secrets files that can be updated or decrypted with implementations for various languages. Secrets files can be stored and versioned alongside your code itself, making it easy to synchronize secrets with the code that uses them, and are carefully designed to minimize conflicts and make pulling/merging nice and simple.
SecureStore for rust joins the existing .NET Core implementation, and can be used in both webapps and local/native applications. Both the crate for integration in your code and the CLI utility for easily managing secrets files from the command line are available as publicly listed crates, and are licensed under the dual Apache 2.0/MIT license.
- Official release post, examples, sample usage, rationale, and more
- The SecureStore crate
ssclientCLI utility for creating and managing secrets in your shell
- asciinema demo of using
We are awaiting feedback from the community regarding the API, and specifically the generic
set functions before stabilizing a 1.0 release. Contributions are welcome!