Encrypt Password in File

Introduction

This example shows how to store a password securely in a configuration file. To do this we encrypt the password and save it to the configuration file, and then we load and decrypt it at runtime when it is needed.

This method is much more secure than storing a password (as plain text) in the Lua code of a Translator instance since it stops the information going into GIT source control.

If you have any questions please contact us at support@interfaceware.com.

Using the Code [top]

  • Import the Encrypt Password in File channel from the Builtin: Iguana Files repository
  • Experiment with the code to find out how it works
  • Then add the module to your Translator project
  • Copy the require statement from the channel and add it at the top of your script
    Note: This module uses require to return a table
  • Adapt the code to your own requirements
  • Load the password using config.load{}
    • For security choose your own configuration file name and encryption key, do not use the ones shown on this page
    • For efficiency call the module outside of the main() function, to avoid the overhead of loading a file each time a message is processed
  • One-off code: The last line in main() is a single line of “one-off” code that is used to encrypt the password:
    • Execute this code once inside the Editor to encrypt the password
      Note: You will need to run it again (once inside the editor) whenever the password changes
    • This line uses config.save{} to save the encrypted password in the configuration file
    • Steps to encrypt and save a password:
      • Enter the real password you want to encrypt, by modifying the password parameter of the config.save{} function
      • Uncomment the line of code so it runs to encrypts and saves the password
      •  Comment out the line of code, then replace the real password with a fake
        Note: If don’t comment the line first then the fake password will be encrypted
      • Check the config.load{} test code is returning the correct password
      • Warning: Be careful to never save a commit that includes a real password
  • Interactive scripting help is included for this module

This is the github code for the main module:

How it works [top]

  • Production: There  only one line of code that runs in production:
    • This line uses config.load{} to load the password from the configuration file
    • This line is run outside of the main() function to avoid the overhead of loading a file for each message processed
  • Editor: There are several lines of test code for demonstration purposes:
    • First we use iguana.isTest() to ensure the code only runs in the Editor
    • Then we find and display the Iguana working directory, using the iguana.workingDir() function
    • Finally we load and display the decrypted password to confirm that it is correct, using the config.load{} function
  • One-off code: The last line in main() is “one-off” code that is used to encrypt and save the password:
    • This line uses config.save{} to save the encrypted password in the configuration file
      Note: This line should remain commented out at all times, except when you need to encrypt a password within the Editor

More information [top]