feat: protect secrets
This commit is contained in:
Sandro Eiler
parent
93140e7d22
commit
e3d8c967f5
5 changed files with 43 additions and 18 deletions
11
Cargo.lock
generated
11
Cargo.lock
generated
|
|
@ -1044,6 +1044,7 @@ dependencies = [
|
||||||
"hyper 1.1.0",
|
"hyper 1.1.0",
|
||||||
"once_cell",
|
"once_cell",
|
||||||
"reqwest",
|
"reqwest",
|
||||||
|
"secrecy",
|
||||||
"serde",
|
"serde",
|
||||||
"serde_json",
|
"serde_json",
|
||||||
"sqlx",
|
"sqlx",
|
||||||
|
|
@ -1804,6 +1805,16 @@ dependencies = [
|
||||||
"untrusted",
|
"untrusted",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "secrecy"
|
||||||
|
version = "0.8.0"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "9bd1c54ea06cfd2f6b63219704de0b9b4f72dcc2b8fdef820be6cd799780e91e"
|
||||||
|
dependencies = [
|
||||||
|
"serde",
|
||||||
|
"zeroize",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "security-framework"
|
name = "security-framework"
|
||||||
version = "2.9.1"
|
version = "2.9.1"
|
||||||
|
|
|
||||||
|
|
@ -25,15 +25,16 @@ axum = { version = "0.7" }
|
||||||
# tower-cookies = "0.10"
|
# tower-cookies = "0.10"
|
||||||
# Others
|
# Others
|
||||||
config = "0.14"
|
config = "0.14"
|
||||||
|
uuid = { version = "1", features = ["v4", "fast-rng"] }
|
||||||
|
chrono = { version = "0.4", default-features = false, features = ["clock"] }
|
||||||
tracing = { version = "0.1", features = ["log"] }
|
tracing = { version = "0.1", features = ["log"] }
|
||||||
tracing-subscriber = { version = "0.3", features = ["registry", "env-filter"] }
|
tracing-subscriber = { version = "0.3", features = ["registry", "env-filter"] }
|
||||||
tracing-bunyan-formatter = "0.3"
|
tracing-bunyan-formatter = "0.3"
|
||||||
tracing-log = "0.2"
|
tracing-log = "0.2"
|
||||||
|
secrecy = { version = "0.8", features = ["serde"] }
|
||||||
# lazy-regex = "3"
|
# lazy-regex = "3"
|
||||||
# async-trait = "0.1"
|
# async-trait = "0.1"
|
||||||
# strum_macros = "0.25"
|
# strum_macros = "0.25"
|
||||||
uuid = { version = "1", features = ["v4", "fast-rng"] }
|
|
||||||
chrono = { version = "0.4", default-features = false, features = ["clock"] }
|
|
||||||
|
|
||||||
[dependencies.sqlx]
|
[dependencies.sqlx]
|
||||||
version = "0.7"
|
version = "0.7"
|
||||||
|
|
|
||||||
|
|
@ -1,3 +1,5 @@
|
||||||
|
use secrecy::{ExposeSecret, Secret};
|
||||||
|
|
||||||
#[derive(serde::Deserialize)]
|
#[derive(serde::Deserialize)]
|
||||||
/// The application's settings
|
/// The application's settings
|
||||||
///
|
///
|
||||||
|
|
@ -18,7 +20,7 @@ pub struct Settings {
|
||||||
/// * `name`: the DB name
|
/// * `name`: the DB name
|
||||||
pub struct DatabaseSettings {
|
pub struct DatabaseSettings {
|
||||||
pub username: String,
|
pub username: String,
|
||||||
pub password: String,
|
pub password: Secret<String>,
|
||||||
pub port: u16,
|
pub port: u16,
|
||||||
pub host: String,
|
pub host: String,
|
||||||
pub name: String,
|
pub name: String,
|
||||||
|
|
@ -38,17 +40,24 @@ pub fn get_configuration() -> Result<Settings, config::ConfigError> {
|
||||||
}
|
}
|
||||||
|
|
||||||
impl DatabaseSettings {
|
impl DatabaseSettings {
|
||||||
pub fn connection_string(&self) -> String {
|
pub fn connection_string(&self) -> Secret<String> {
|
||||||
format!(
|
Secret::new(format!(
|
||||||
"postgres://{}:{}@{}:{}/{}",
|
"postgres://{}:{}@{}:{}/{}",
|
||||||
self.username, self.password, self.host, self.port, self.name
|
self.username,
|
||||||
)
|
self.password.expose_secret(),
|
||||||
|
self.host,
|
||||||
|
self.port,
|
||||||
|
self.name
|
||||||
|
))
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn connection_string_without_db(&self) -> String {
|
pub fn connection_string_without_db(&self) -> Secret<String> {
|
||||||
format!(
|
Secret::new(format!(
|
||||||
"postgres://{}:{}@{}:{}",
|
"postgres://{}:{}@{}:{}",
|
||||||
self.username, self.password, self.host, self.port
|
self.username,
|
||||||
)
|
self.password.expose_secret(),
|
||||||
|
self.host,
|
||||||
|
self.port
|
||||||
|
))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
use learn_axum::configuration::get_configuration;
|
use learn_axum::configuration::get_configuration;
|
||||||
use learn_axum::startup;
|
use learn_axum::startup;
|
||||||
use learn_axum::telemetry::{get_subscriber, init_subscriber};
|
use learn_axum::telemetry::{get_subscriber, init_subscriber};
|
||||||
|
use secrecy::ExposeSecret;
|
||||||
use sqlx::PgPool;
|
use sqlx::PgPool;
|
||||||
use tokio::net::TcpListener;
|
use tokio::net::TcpListener;
|
||||||
|
|
||||||
|
|
@ -14,8 +15,9 @@ async fn main() {
|
||||||
let configuration = get_configuration().expect("Failed to read configuration.");
|
let configuration = get_configuration().expect("Failed to read configuration.");
|
||||||
let addr = format!("127.0.0.1:{}", configuration.application_port);
|
let addr = format!("127.0.0.1:{}", configuration.application_port);
|
||||||
let listener = TcpListener::bind(addr).await.unwrap(); //.expect("Unable to bind to port");
|
let listener = TcpListener::bind(addr).await.unwrap(); //.expect("Unable to bind to port");
|
||||||
let connection_pool = PgPool::connect(&configuration.database.connection_string())
|
let connection_pool =
|
||||||
.await
|
PgPool::connect(configuration.database.connection_string().expose_secret())
|
||||||
.expect("Failed to connect to Postgres.");
|
.await
|
||||||
|
.expect("Failed to connect to Postgres.");
|
||||||
startup::run(listener, connection_pool).await.unwrap();
|
startup::run(listener, connection_pool).await.unwrap();
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
use learn_axum::configuration::{get_configuration, DatabaseSettings};
|
use learn_axum::configuration::{get_configuration, DatabaseSettings};
|
||||||
use learn_axum::telemetry::{get_subscriber, init_subscriber};
|
use learn_axum::telemetry::{get_subscriber, init_subscriber};
|
||||||
use once_cell::sync::Lazy;
|
use once_cell::sync::Lazy;
|
||||||
|
use secrecy::ExposeSecret;
|
||||||
use sqlx::{Connection, Executor, PgConnection, PgPool};
|
use sqlx::{Connection, Executor, PgConnection, PgPool};
|
||||||
use tokio::net::TcpListener;
|
use tokio::net::TcpListener;
|
||||||
use uuid::Uuid;
|
use uuid::Uuid;
|
||||||
|
|
@ -128,16 +129,17 @@ async fn spawn_app() -> TestApp {
|
||||||
|
|
||||||
pub async fn configure_database(config: &DatabaseSettings) -> PgPool {
|
pub async fn configure_database(config: &DatabaseSettings) -> PgPool {
|
||||||
// Create database
|
// Create database
|
||||||
let mut connection = PgConnection::connect(&config.connection_string_without_db())
|
let mut connection =
|
||||||
.await
|
PgConnection::connect(&config.connection_string_without_db().expose_secret())
|
||||||
.expect("Failed to connect to Postgres");
|
.await
|
||||||
|
.expect("Failed to connect to Postgres");
|
||||||
connection
|
connection
|
||||||
.execute(format!(r#"CREATE DATABASE "{}";"#, config.name).as_str())
|
.execute(format!(r#"CREATE DATABASE "{}";"#, config.name).as_str())
|
||||||
.await
|
.await
|
||||||
.expect("Failed to create database.");
|
.expect("Failed to create database.");
|
||||||
|
|
||||||
// Migrate database
|
// Migrate database
|
||||||
let connection_pool = PgPool::connect(&config.connection_string())
|
let connection_pool = PgPool::connect(&config.connection_string().expose_secret())
|
||||||
.await
|
.await
|
||||||
.expect("Failed to connect to Postgres.");
|
.expect("Failed to connect to Postgres.");
|
||||||
sqlx::migrate!("./migrations")
|
sqlx::migrate!("./migrations")
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue