Module Secrets.Secret_box

Encrypted secrets.

of_yojson is the only constructor that takes in raw data. General usage pattern:

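(* encrypt erases its password argument, so pass a copy and keep the original for decrypt. *)
let protected = Secret_box.encrypt ~password:(Bytes.copy password) ~plaintext |> Secret_box.to_yojson |> Yojson.Safe.to_string in
let maybe_unprotected = Yojson.Safe.from_string protected |> Secret_box.of_yojson |> Result.map ~f:(Secret_box.decrypt ~password) in
(* of_yojson and decrypt each return a result, so success is Ok (Ok _). *)
match maybe_unprotected with Ok (Ok decrypted) -> assert (Bytes.equal decrypted plaintext) | _ -> assert false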

NOTE: this will _erase_ the contents of password arguments. If you stash them somewhere (you shouldn't outside of tests), you should copy the string before you call these functions.

type t
val to_yojson : t -> Yojson.Safe.t
val of_yojson : Yojson.Safe.t -> t Ppx_deriving_yojson_runtime.error_or
include Ppx_sexp_conv_lib.Sexpable.S with type t := t
val t_of_sexp : Sexplib0__.Sexp.t -> t
val sexp_of_t : t -> Sexplib0__.Sexp.t
val encrypt : password:Core_kernel.Bytes.t -> plaintext:Core_kernel.Bytes.t -> t

Password-protect some plaintext.

val decrypt : password:Core_kernel.Bytes.t -> t -> ( Core_kernel.Bytes.t, [> `Corrupted_privkey of Core_kernel.Error.t | `Incorrect_password_or_corrupted_privkey ] ) Core_kernel.Result.t

Decrypt some bytes with a password.
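An added example, not part of the Secrets library, showing how a caller might handle each failure mode of of_yojson and decrypt while making sure the password buffer is zeroed on every path, including the early exits where decrypt is never reached. The helper name unlock, the module alias, and the error messages are assumptions made for illustration; it assumes Core_kernel and Yojson are available.

```ocaml
(* Added example: [unlock] is a hypothetical helper, not library code. *)
open Core_kernel
module Secret_box = Secrets.Secret_box

(* Parse a serialized secret box and decrypt it.
   Every failure is reported as a message; [password] is zeroed before
   returning, whether or not [Secret_box.decrypt] was reached. *)
let unlock ~(password : Bytes.t) (serialized : string) :
    (Bytes.t, string) Result.t =
  let result =
    match Yojson.Safe.from_string serialized with
    (* Malformed or empty input raises; no secret has been touched yet. *)
    | exception exn -> Error ("not valid JSON: " ^ Exn.to_string exn)
    | json -> (
      match Secret_box.of_yojson json with
      (* Valid JSON that does not have the shape of a secret box. *)
      | Error msg -> Error ("not a secret box: " ^ msg)
      | Ok box -> (
        match Secret_box.decrypt ~password box with
        | Ok plaintext -> Ok plaintext
        | Error (`Corrupted_privkey e) ->
            Error ("corrupted secret box: " ^ Error.to_string_hum e)
        (* The two causes cannot be told apart, so the message stays
           as ambiguous as the variant. *)
        | Error `Incorrect_password_or_corrupted_privkey ->
            Error "incorrect password or corrupted secret box" ) )
  in
  (* decrypt erases the password itself, but the parse-failure paths above
     never call it, so wipe here to give the same guarantee everywhere. *)
  Bytes.fill password ~pos:0 ~len:(Bytes.length password) '\000' ;
  result
```

Because the buffer is zeroed on return, a caller that wants to retry after a failure has to obtain the password again rather than reuse the same Bytes.t.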