Apq.Cfg.Crypto.Tool
1.2.1
dotnet tool install --global Apq.Cfg.Crypto.Tool --version 1.2.1
This package contains a .NET tool you can call from the shell/command line.
dotnet new tool-manifest
dotnet tool install --local Apq.Cfg.Crypto.Tool --version 1.2.1
This package contains a .NET tool you can call from the shell/command line.
#tool dotnet:?package=Apq.Cfg.Crypto.Tool&version=1.2.1
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
nuke :add-package Apq.Cfg.Crypto.Tool --version 1.2.1
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
Apq.Cfg.Crypto.Tool
Apq.Cfg 配置加密命令行工具。
仓库地址:https://gitee.com/apq/Apq.Cfg
📖 在线文档:https://apq-cfg.vercel.app/
安装
dotnet tool install -g Apq.Cfg.Crypto.Tool
命令
generate-key - 生成密钥
# 生成 256 位 AES-GCM 密钥(默认)
apqenc generate-key
# 生成 128 位密钥
apqenc generate-key --bits 128
# 生成 192 位密钥
apqenc generate-key -b 192
输出示例:
算法: AES-GCM
密钥位数: 256
Base64 密钥: abc123...xyz789==
请妥善保管此密钥,不要将其存储在配置文件中!
建议使用环境变量 APQ_CFG_ENCRYPTION_KEY 存储密钥。
encrypt - 加密值
# 加密单个值
apqenc encrypt --key "base64key..." --value "mySecretPassword"
# 输出: {ENC}base64ciphertext...
# 使用自定义前缀
apqenc encrypt -k "base64key..." -v "mySecret" --prefix "[ENCRYPTED]"
# 输出: [ENCRYPTED]base64ciphertext...
decrypt - 解密值
# 解密值
apqenc decrypt --key "base64key..." --value "{ENC}base64ciphertext..."
# 输出: mySecretPassword
# 使用自定义前缀
apqenc decrypt -k "base64key..." -v "[ENCRYPTED]base64cipher..." -p "[ENCRYPTED]"
encrypt-file - 批量加密配置文件
# 加密配置文件中的敏感值
apqenc encrypt-file --key "base64key..." --file config.json
# 预览将要加密的键(不实际修改)
apqenc encrypt-file -k "base64key..." -f config.json --dry-run
# 指定输出文件
apqenc encrypt-file -k "base64key..." -f config.json -o config.encrypted.json
# 自定义敏感键模式
apqenc encrypt-file -k "base64key..." -f config.json --patterns "*Password*,*Secret*,*ApiKey*"
# 使用自定义前缀
apqenc encrypt-file -k "base64key..." -f config.json --prefix "[ENC]"
敏感键模式
默认的敏感键模式(支持通配符 * 和 ?):
*Password*- 匹配包含 Password 的键*Secret*- 匹配包含 Secret 的键*ApiKey*- 匹配包含 ApiKey 的键*ConnectionString*- 匹配包含 ConnectionString 的键*Credential*- 匹配包含 Credential 的键*Token*- 匹配包含 Token 的键
使用示例
完整工作流
# 1. 生成密钥
apqenc generate-key
# 输出: Base64 密钥: abc123...xyz789==
# 2. 设置环境变量
export APQ_CFG_ENCRYPTION_KEY="abc123...xyz789=="
# 3. 预览将要加密的键
apqenc encrypt-file -k "$APQ_CFG_ENCRYPTION_KEY" -f appsettings.json --dry-run
# 4. 执行加密
apqenc encrypt-file -k "$APQ_CFG_ENCRYPTION_KEY" -f appsettings.json
# 5. 验证加密结果
cat appsettings.json
配置文件示例
加密前:
{
"Database": {
"ConnectionString": "Server=localhost;Database=mydb;User=admin;Password=secret123",
"Timeout": 30
},
"Api": {
"Key": "my-api-key-12345",
"Endpoint": "https://api.example.com"
}
}
加密后:
{
"Database": {
"ConnectionString": "{ENC}base64ciphertext...",
"Timeout": 30
},
"Api": {
"Key": "{ENC}base64ciphertext...",
"Endpoint": "https://api.example.com"
}
}
安全最佳实践
- 不要将加密密钥存储在配置文件中
- 使用环境变量存储密钥
- 在 CI/CD 中使用密钥管理服务
- 定期轮换密钥
- 使用 256 位密钥获得最高安全性
许可证
MIT License
作者
- 邮箱:amwpfiqvy@163.com
仓库
- Gitee:https://gitee.com/apq/Apq.Cfg
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
This package has no dependencies.