Quick PHP code used as a proof of concept for storing credentials in memcached — each credential is encrypted using libsodium before being sent to memcached, and it is decrypted after being retrieved. This is done both to prevent in-memory data from being meaningful and because the PHP memcached extension doesn’t seem to support SSL communication.
<?php
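# Proof of concept: cache credentials in memcached as libsodium secretbox
# ciphertext, so that neither the cache's memory nor the unencrypted
# connection to it exposes the plaintext.
#
# To generate a key, run this once and stash the hex output outside the source tree:
#$sodiumKey = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES); // 256 bit
#echo sodium_bin2hex($sodiumKey);
#
# The literal below is a demo key that is published with this snippet, so it
# protects nothing. A real key is read from the environment when one is set;
# CRED_CACHE_KEY_HEX is a name made up for this example.
$strSodiumKey = getenv('CRED_CACHE_KEY_HEX') ?: 'cdce35b57cdb25032e68eb14a33c8252507ae6ab1627c1c7fcc420894697bf3e';
# Turn the key back into binary data and refuse anything that is not a full-size key
$sodiumKey = sodium_hex2bin($strSodiumKey);
if (strlen($sodiumKey) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
    throw new RuntimeException('Secretbox key must be ' . SODIUM_CRYPTO_SECRETBOX_KEYBYTES . ' bytes');
}
# No nonce is stashed any more: secretbox requires a nonce that is never reused
# under the same key. Encrypting several values with one fixed nonce reuses the
# keystream (leaking the XOR of the plaintexts) and the one-time MAC key. A fresh
# random nonce is generated per value and stored in front of the ciphertext;
# the nonce itself is not secret.

# Initiate memcached object and add sandbox server (host, port, weight 1)
$memcacheD = new Memcached;
$memcacheD->addServer('127.0.0.1', 11211, 1);
$arrayDataToStore = [
    "credValueGoesHere",
    "cred2",
    "cred3",
    "cred4",
    "cred5",
];
# Encrypt and stash data
foreach ($arrayDataToStore as $i => $strValue) {
    usleep(100);
    $strMemcachedKey = 'credtest' . $i;
    $sodiumNonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    # Stored layout: base64( nonce || MAC+ciphertext )
    $strCryptedValue = base64_encode($sodiumNonce . sodium_crypto_secretbox($strValue, $sodiumNonce, $sodiumKey));
    # Entry expires 120 seconds from now
    if (!$memcacheD->set($strMemcachedKey, $strCryptedValue, time() + 120)) {
        echo "Could not store $strMemcachedKey: " . $memcacheD->getResultMessage() . "\n";
    }
}
# Get each key and decrypt it
# NOTE(review): secretbox does not bind a ciphertext to the memcached key it is
# stored under, so anyone who can write to the cache can swap entries between
# keys and each will still authenticate. If that matters, an AEAD such as
# sodium_crypto_aead_xchacha20poly1305_ietf_encrypt() with the memcached key
# name as additional data closes that gap.
foreach (array_keys($arrayDataToStore) as $i) {
    $strMemcachedKey = 'credtest' . $i;
    $strCached = $memcacheD->get($strMemcachedKey);
    # A miss or connection error must not be fed to the decryption step
    if ($memcacheD->getResultCode() !== Memcached::RES_SUCCESS || !is_string($strCached)) {
        echo "No usable value on key $strMemcachedKey: " . $memcacheD->getResultMessage() . "\n";
        continue;
    }
    $binBlob = base64_decode($strCached, true);
    if ($binBlob === false || strlen($binBlob) < SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        echo "Malformed value on key $strMemcachedKey\n";
        continue;
    }
    # Split the stored blob back into its nonce and the authenticated ciphertext
    $sodiumNonce = substr($binBlob, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $binCipher = substr($binBlob, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $strValue = sodium_crypto_secretbox_open($binCipher, $sodiumNonce, $sodiumKey);
    # false means the MAC did not verify: the entry was altered or written with another key
    if ($strValue === false) {
        echo "Authentication failed for key $strMemcachedKey (tampered, or wrong encryption key)\n";
        continue;
    }
    # Printing the plaintext is for the demo only; real code should not echo or log credentials
    echo "The value on key $strMemcachedKey is: $strValue \n";
    sodium_memzero($strValue);
}
# Wipe the key from this process's memory once it is no longer needed
sodium_memzero($sodiumKey);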
?>