-
Notifications
You must be signed in to change notification settings - Fork 38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Questions: Damonizing and encrypting with Abscissa #340
Comments
A1: Regarding daemonization, I'd recommend using an init system or other supervisor process. We run Abscissa-based applications as systemd service units, which requires no built-in "daemonization" support. That said, if you'd like to use a 3rd party daemonization crate, you can customize main.rs as you desire. A2: Regarding CryptoStream, I wouldn't recommend using that. It's using unauthenticated AES-CBC encryption (generally shunned by cryptographers), and has a rather heavyweight dependency in OpenSSL. I do so happen to also be author of a number of pure Rust implementations of modern AEAD ciphers. I would suggest using AES-GCM, AES-GCM-SIV, or ChaCha20Poly1305: https://github.com/RustCrypto/AEADs/ As for integrating something like that with Abscissa, it's TBD. I'd like to add first-class support for secret stores as a trait, and the ability to plug in e.g. cloud secret management services like AWS Parameter Store or GCP Secret Manager. A3: what kind of keys? cryptographic keys? I would not recommend placing any secret values in executables. |
@tony-iqlusion , A1: Unfortunately, I don't control the environment and have to adapt... A2: I'll try one of those... A3: Unfortunately, I have to encrypt data at rest, without interaction. A built in secure store would be awesome... |
P.S. There is a "typo" in // #[options(short = "f", help = "foobar path"] should be: // #[options(short = "f", help = "foobar path")] Missing ")" |
Since you have probably resolved these issues in your app...
A couple of quick questions...
I'm building a cross-platform agent using Abscissa / Tokio, it will be running on Windows and other platforms...
So I need to daemonize it..
Which would be the preferred daemonizing crates ?
ceviche-rs I'm leaning towards this one...
daemon-rs Old but cross platform
Encrypting values in the config(toml)
I'm looking at CryptoStream
What is the preferred approach to embedding keys in the executable ?
All (constructive :) ) suggestions are welcome
The text was updated successfully, but these errors were encountered: