Encrypting data

To encrypt data in the YAML configuration, use the !enc tag together with an RSA key pair: values are encrypted with the public key, and the `ENC_KEY` environment variable must then be set in the container to point to a copy of the private key.

Key generation

Generate the keys by using the following OpenSSL commands:

openssl genrsa -out private.pem 2048
openssl rsa -pubout -in private.pem -out public.pem

String encryption

Encrypt a string by using the following OpenSSL command:

echo -n "<string>" | openssl pkeyutl -encrypt -pubin -inkey public.pem -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 | base64

In the YAML file, prefix the encrypted value with !enc. For example:

  general:
    admin_pass: !enc "--encrypted string--"
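
The procedure above as one script, added here as an example and not part of the product's own tooling: it generates a throwaway key pair, encrypts a constructed sample string, confirms that the private key recovers it, and prints the YAML snippet. The function names are hypothetical, the decrypt step assumes the same OAEP/SHA-256 options as the encrypt command, and `openssl base64 -A` is used so the 344-character ciphertext stays on one line; with a 2048-bit key the string can be at most 190 bytes.

```shell
#!/bin/sh
# Added example (not the product's tooling): produce and verify an !enc value.
OAEP='-pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256'

# make_keys DIR: the two key-generation commands, private key created under umask 077.
make_keys() {
    ( umask 077 && openssl genrsa -out "$1/private.pem" 2048 ) 2>/dev/null &&
    openssl rsa -pubout -in "$1/private.pem" -out "$1/public.pem" 2>/dev/null
}

# encrypt_value PUBKEY STRING: print single-line base64 ciphertext.
# Returns non-zero if encryption fails (e.g. string longer than 190 bytes)
# instead of silently printing an empty value.
encrypt_value() {
    ct=$(mktemp) || return 1
    if printf '%s' "$2" |
        openssl pkeyutl -encrypt -pubin -inkey "$1" $OAEP -out "$ct" 2>/dev/null
    then openssl base64 -A -in "$ct"; rc=$?
    else rc=1
    fi
    rm -f "$ct"
    return "$rc"
}

# decrypt_value PRIVKEY BASE64: print the recovered plaintext.
decrypt_value() {
    printf '%s' "$2" | openssl base64 -d -A |
        openssl pkeyutl -decrypt -inkey "$1" $OAEP
}

# demo: throwaway keys, constructed secret, round trip, then the YAML snippet.
demo() {
    dir=$(mktemp -d) || return 1
    make_keys "$dir" || return 1
    secret='constructed-sample-password'   # constructed sample value
    b64=$(encrypt_value "$dir/public.pem" "$secret") || return 1
    [ "$(decrypt_value "$dir/private.pem" "$b64")" = "$secret" ] || return 1
    printf 'general:\n  admin_pass: !enc "%s"\n' "$b64"
    rm -rf "$dir"
}
demo
```

OAEP is randomized, so encrypting the same string twice gives different ciphertexts; compare values by decrypting them, not by matching the base64 text.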