Quick PHP code used as a proof of concept for storing credentials in memcached — cred is encrypted using libsodium before being send to memcached, and it is decrypted after being retrieved. This is done both to prevent in-memory data from being meaningful and because the PHP memcached extension doesn’t seem to support SSL communication. <\/p>\n\n\n
\n<?php\n\n# To generate key and nonce, use sodium_bin2hex to stash these two values\n#$sodiumKey = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES); \/\/ 256 bit\n#$sodiumNonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); \/\/ 24 bytes\n\n# Stashed key and nonce strings\n$strSodiumKey = 'cdce35b57cdb25032e68eb14a33c8252507ae6ab1627c1c7fcc420894697bf3e';\n$strSodiumNonce = '652e16224e38da20ea818a92feb9b927d756ade085d75dab';\n# Turn key and nonce back into binary data\n$sodiumKey = sodium_hex2bin($strSodiumKey);\n$sodiumNonce = sodium_hex2bin($strSodiumNonce);\n\n# Initiate memcached object and add sandbox server\n$memcacheD = new Memcached;\n$memcacheD->addServer('127.0.0.1','11211',1); # add high priority weight server added to memcacheD\n\n$arrayDataToStore = array(\n "credValueGoesHere",\n "cred2",\n "cred3",\n "cred4",\n "cred5"\n);\n\n# Encrypt and stash data\nfor($i = 0; $i < count($arrayDataToStore); $i++){\n usleep(100);\n $strValue = $arrayDataToStore[$i];\n $strMemcachedKey = 'credtest' . $i;\n $strCryptedValue = base64_encode(sodium_crypto_secretbox($strValue, $sodiumNonce, $sodiumKey));\n $memcacheD->set($strMemcachedKey, $strCryptedValue,time()+120);\n}\n\n# Get each key and decrypt it\nfor($i = 0; $i < count($arrayDataToStore); $i++){\n $strMemcachedKey = 'credtest'.$i;\n $strValue = sodium_crypto_secretbox_open(base64_decode($memcacheD->get($strMemcachedKey)),$sodiumNonce, $sodiumKey);\n echo "The value on key $strMemcachedKey is: $strValue \\n";\n}\n?>\n<\/pre><\/div>","protected":false},"excerpt":{"rendered":"Quick PHP code used as a proof of concept for storing credentials in memcached — cred is encrypted using libsodium before being send to memcached, and it is decrypted after being retrieved. This is done both to prevent in-memory data from being meaningful and because the PHP memcached extension doesn’t seem to support SSL communication.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[1452,35],"class_list":["post-8203","post","type-post","status-publish","format-standard","hentry","category-coding","tag-memcached","tag-php"],"_links":{"self":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/8203","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8203"}],"version-history":[{"count":1,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/8203\/revisions"}],"predecessor-version":[{"id":8204,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/8203\/revisions\/8204"}],"wp:attachment":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8203"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8203"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8203"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}