A library that facilitates decrypting passwords using an application secret stored in a Typesafe Config file.
When combined with an approach where the config file used is provided upon deployment and dynamically selected based on an environment variable it helps to avoid storing sensitive passwords in source control, while still allowing development configurations to be stored in source control.
Partially based on code from the Play! framework.
Add the library to your dependencies list
addSbtPlugin("com.evolution" % "sbt-artifactory-plugin" % "0.0.2")
libraryDependencies += "com.evolutiongaming" %% "crypto" % "2.1.0"
Create an application config file environments/default.conf
:
encryptedPasswords = true
application {
secret = "abcdefghijklmnop" // only for example purposes, you should use a strong randomly generated secret
}
password = "3-DG4i9kr/lboBjhjgwMsT/2f1Jc6vI4O9VucM+ucM7TDi9Q==" // use com.evolutiongaming.crypto.Encrypt app to encrypt
Use the library as follows
import com.evolutiongaming.crypto.DecryptConfig
import com.typesafe.config.ConfigFactory
val environmentKey = "ENVIRONMENT"
val environment = System.getenv(environmentKey).orElse(sys.props.get(environmentKey).getOrElse("default")) // select the environment to use
val config = ConfigFactory.parseResourcesAnySyntax(s"environments/$environment") // load the config file
val password = config.getString("password") // the encrypted password to decrypt
val decrypted = DecryptConfig(password, config) // decrypting the password
// now you can use the decrypted value to authenticate to external services
For more examples you can review DecryptConfigSpec.