active_enquo 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: b740bd6f520103011cd211cfa06784c088de442c675b39a6730a3bd03b45b6fe
+  data.tar.gz: 3511374723b0718079b71dd0f2641c5306de18cf3d1108714dcf43776ab56d4f
+SHA512:
+  metadata.gz: aade149dd6f25589426c2b5f7a642ce1d86d52a30ac68479a5a704886a8bb9a642cb90fa37d9639fcde0e296fc5eec22d4696ee1d221d4215c61644dc431d385
+  data.tar.gz: efecd652bfea10fd4cd0563c1c4dfacddccb3cd6c0d5aa45d6578cbecf3229a5b33ea14fa2000f5021fd69d82ebe19b2fb3d1ddeff3d05845154c0c3a8a6e4f3

data/.editorconfig

@@ -0,0 +1,23 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+charset = utf-8
+trim_trailing_whitespace = true
+
+[*.{yml,yaml}]
+indent_style = space
+indent_size = 2
+
+[*.rb]
+indent_style = tab
+indent_size = 3
+
+[Rakefile]
+indent_style = tab
+indent_size = 3
+
+[*.md]
+indent_style = space
+indent_size = 2

data/.github/workflows/release.yml

@@ -0,0 +1,31 @@
+name: "Release to RubyGems"
+on:
+  release:
+    types: [created]
+  workflow_dispatch:
+
+jobs:
+  upload:
+    runs-on: ubuntu-latest
+    name: "Upload"
+
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Install ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '2.7'
+          bundler-cache: true
+
+      - name: Workaround for https://github.com/actions/checkout/issues/290
+        run: |
+          git fetch --force --tags
+
+      - name: Do The Needful
+        env:
+          GEM_HOST_API_KEY: ${{ secrets.RUBYGEMS_API_KEY }}
+        run: |
+          rake release

data/.gitignore

@@ -0,0 +1,5 @@
+Gemfile.lock
+/pkg
+/doc
+/.yardoc
+/coverage

data/.yardopts

@@ -0,0 +1 @@
+--markup markdown

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,48 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, and in the interest of
+fostering an open and welcoming community, we pledge to respect all people who
+contribute through reporting issues, posting feature requests, updating
+documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free
+experience for everyone, regardless of level of experience, gender, gender
+identity and expression, sexual orientation, disability, personal appearance,
+body size, race, ethnicity, age, religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information, such as physical or electronic
+  addresses, without explicit permission
+* Other unethical or unprofessional conduct
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+By adopting this Code of Conduct, project maintainers commit themselves to
+fairly and consistently applying these principles to every aspect of managing
+this project. Project maintainers who do not follow or enforce the Code of
+Conduct may be permanently removed from the project team.
+
+This code of conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting a project maintainer at coc@enquo.org. All complaints
+will be reviewed and investigated and will result in a response that is deemed
+necessary and appropriate to the circumstances. Maintainers are obligated to
+maintain confidentiality with regard to the reporter of an incident.
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 1.3.0, available at
+[http://contributor-covenant.org/version/1/3/0/][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/3/0/

data/CONTRIBUTING.md

@@ -0,0 +1,9 @@
+* If you have found a discrepancy in documented and observed behaviour, that is a bug.
+  Feel free to [report it as an issue](https://github.com/enquo/active_enquo/issues), providing sufficient detail to reproduce the problem.
+
+* If you would like to add new behaviour, please submit a well-tested and well-documented [pull request](https://github.com/enquo/active_enquo/pulls).
+
+* By making a contribution to this repository, you agree that the contribution is licenced under the terms of the [MIT licence](./LICENCE).
+  Further, you warrant that you hold all intellectual property rights in the contribution, or that you have the permission of the owner of those rights to make the contribution under these conditions.
+
+* At all times, abide by the Code of Conduct (CODE_OF_CONDUCT.md).

data/LICENCE

@@ -0,0 +1,19 @@
+The MIT License (MIT)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,224 @@
+[ActiveEnquo](https://enquo.org/active_enquo) is a Ruby on Rails ActiveRecord extension that works with the [pg_enquo Postgres extension](https://github.com/enquo/pg_enquo) to allow you to query encrypted data.
+This allows you to keep the data you store safe, by encrypting it, without compromising on your application's ability to search for that data and work with it.
+
+Sounds like magic?
+Well, maybe a little bit.
+Read our [how it works](https://enquo.org/how-it-works) if you're interested in the details, or read on for how to use it.
+
+
+# Pre-requisites
+
+In order to make use of this extension, you must be running Postgres 10 or higher, with the [`pg_enquo`](https://github.com/enquo/pg_enquo) extension enabled in the database you're working in.
+See [the `pg_enquo` installation guide](https://github.com/enquo/pg_enquo/tree/main/doc/installation.md) for instructions on how to install `pg_enquo`.
+
+Also, if you're installing this gem from source, you'll need a reasonably recent [Rust](https://rust-lang.org) toolchain installed.
+
+
+# Installation
+
+It's a gem:
+
+    gem install active_enquo
+
+There's also the wonders of [the Gemfile](http://bundler.io):
+
+    gem 'active_enquo'
+
+If you're the sturdy type that likes to run from git:
+
+    rake install
+
+Or, if you've eschewed the convenience of Rubygems entirely, then you
+presumably know what to do already.
+
+
+# Configuration
+
+The only setting that ActiveEnquo needs is to be given a "root" key, which is used to derive the keys which are used to actually encrypt data.
+This key ***MUST*** be generated by a cryptographically-secure random number generator, and must also be 64 hex digits in length.
+A good way to generate this key is with the `SecureRandom` module:
+
+```sh
+ruby -r securerandom -e 'puts SecureRandom.hex(32)'
+```
+
+With this key in hand, you can store it in the Rails credential store, like this:
+
+1. Open up the Rails credentials editor:
+
+   ```ruby
+   rails credentials:edit
+   ```
+
+2. Add a section to that file that looks like this:
+
+   ```yaml
+   active_enquo:
+     root_key: "0000000000000000000000000000000000000000000000000000000000000000"
+   ```
+
+3. Save and exit the editor.  Commit the changes to your revision control system.
+
+This only works if you are using Rails, of course; if you're using ActiveRecord by itself, you must set the root key yourself during application initialization.
+You do this by assigning a `RootKey` to `ActiveEnquo.root_key`, like this:
+
+```ruby
+# DO NOT ACTUALLY PUT YOUR KEY DIRECTLY IN YOUR CODE!!!
+ActiveEnquo.root_key = ActiveEnquo::RootKey::Static.new("0000000000000000000000000000000000000000000000000000000000000000")
+```
+
+However, this leaves the key exposed to anyone who comes along and takes a glance at your code.
+Losing control of this root key is catastrophic for the security of your system.
+Instead, you should use a secrets vault of some sort to store the key, and pass it into your initialization code somehow.
+
+Support for cloud keystores, such as AWS KMS, GCP KMS, Azure KeyVault, and HashiCorp Vault, will be implemented sooner or later.
+If you have a burning desire to see that more on the "sooner" end than "later", PRs are welcome.
+
+
+# Usage
+
+Start by creating a column in your database that uses one of the [available enquo types](https://github.com/enquo/pg_enquo/doc/data_types), with a Rails migration:
+
+```ruby
+class AddEncryptedBigintColumn < ActiveRecord::Migration[6.0]
+  def change
+    add_column :users, :age, :enquo_bigint
+  end
+end
+```
+
+
+## Reading and Writing
+
+You can now use that attribute in your models as you would normally.
+For example, insert a new record:
+
+```ruby
+User.create!([{name: "Clara Bloggs", username: "cbloggs", age: 42}])
+```
+
+When you retrieve a record, the value is there for you to read:
+
+```ruby
+User.where(username: "cbloggs").first.age  # => 42
+```
+
+So far, nothing more spectacular than what AR Encryption will get you.
+The fun begins now...
+
+
+## Querying
+
+You can query for records with an exact age:
+
+```ruby
+User.where(age: User.enquo(:age, 42))
+```
+
+Or you can query for records with an age of less than 50:
+
+```ruby
+# This is AR's idiomatic way of saying "less-than"
+User.where(age: User.enquo(:age, ...50))
+```
+
+*However*, if you examine the record in the database, it's encrypted:
+
+```sh
+psql> SELECT age FROM users WHERE username='cbloggs';
+  age
+-------
+ {"ct":[<lots of numbers>],"ore":[<lots and LOTS of numbers>]}
+```
+
+And that, as they say, is that.
+
+
+## Indexing and Ordering
+
+To maintain [security](https://enquo.org/about/threat-models#snapshot-security), ActiveEnquo isn't able to `ORDER BY` or index columns.
+This is fine for many situations -- many columns don't need indexes.
+
+For those columns that *do* need indexes or `ORDER BY` support, you can enable support for them by setting the `enable_reduced_security_operations` flag on the attribute, like this:
+
+```ruby
+class User < ApplicationRecord
+  # Enables indexing and ORDER BY for this column, at the cost of reduced security
+  enquo_attr :age, enable_reduced_security_operations: true
+end
+```
+
+### SECURITY ALERT
+
+As the name implies, "reduced security operations" require that the security of the data in the column be lower than [Enquo's default security properties](https://enquo.org/about/threat-models#snapshot-security).
+In particular, extra data is stored in the value which can be used by an attacker to:
+
+* Identify all rows which have the same value for the column (although not what that value actually *is*); and
+
+* Perform inference attacks to try and determine the approximate or exact value for the column of some or all of the rows.
+
+The practical implications of these attack vectors varies wildly between different types of data, which makes it harder to decide if it's reasonable to allow reduced security operations.
+Our recommended rule-of-thumb is that if the features you need can *only* be implemented if you either enable reduced security operations, or leave the data unencrypted, then enable them.
+Otherwise, leave the default as-is.
+
+
+## Saving Disk Space
+
+While the power of `ActiveEnquo` is based around being able to *query* encrypted data, not all columns necessarily need to be queried.
+If so, you can reduce the disk space requirements for those columns by setting `no_query: true` for those columns:
+
+```ruby
+class User < ApplicationRecord
+  # Disables querying for this column, and saves a heap of bytes on your disk space
+  enquo_attr :age, no_query: true
+end
+```
+
+
+# Future Developments
+
+These are some of the things that are definitely planned to be added to ActiveEnquo in the nearish future.
+
+* **Support for key rotation**: this isn't tricky, just a bit fiddly.
+  Encrypted values have a "key ID" associated with them, so we can find which values are out-of-date, but multiple keys need to useable for decryption.
+  Closely related to this is **support for renaming columns**, which is problematic because keys are derived based on the column name.
+  Again, key IDs (to find values encrypted with the previous column name) and the ability to attempt decryption with a key based on the previous column name sorts this out.
+
+* **Strings**: a great deal of the sensitive data that needs protecting is in the form of strings.
+  Querying strings is somewhat more involved than numeric data, and so the means of encrypting strings such that they're queryable *and* secure are more complex.
+  Enquo cannot be a really useful library for supporting encrypted querying until at least some common string query operations are supported, though, so it is important that this be implemented.
+
+* **Other data types**: while you can go a long way with strings and bigints, part of the power of SQL is the sheer variety of interesting data types it has, and the variety of things you can do with them.
+  So more integer types, floats, decimals, dates, times, timestamps, and more, are all on the cards for future development.
+
+
+# Contributing
+
+For general guidelines for contributions, see [CONTRIBUTING.md](CONTRIBUTING.md).
+Detailed information on developing `ActiveEnquo`, including how to run the test suite, can be found in [docs/DEVELOPMENT.md](DEVELOPMENT.md).
+
+
+# Licence
+
+Unless otherwise stated, everything in this repo is covered by the following
+licence statement:
+
+    Copyright (C) 2022  Matt Palmer <matt@enquo.org>
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in
+    all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+    THE SOFTWARE.

data/active_enquo.gemspec

@@ -0,0 +1,44 @@
+begin
+	require "git-version-bump"
+rescue LoadError
+	nil
+end
+
+Gem::Specification.new do |s|
+	s.name = "active_enquo"
+
+	s.version = GVB.version rescue "0.0.0.1.NOGVB"
+	s.date    = GVB.date    rescue Time.now.strftime("%Y-%m-%d")
+
+	s.platform = Gem::Platform::RUBY
+
+	s.summary  = "ActiveRecord integration for encrypted querying operations"
+
+	s.authors  = ["Matt Palmer"]
+	s.email    = ["matt@enquo.org"]
+	s.homepage = "https://enquo.org"
+
+	s.metadata["homepage_uri"] = s.homepage
+	s.metadata["source_code_uri"] = "https://github.com/enquo/active_enquo"
+	s.metadata["changelog_uri"] = "https://github.com/enquo/active_enquo/releases"
+	s.metadata["bug_tracker_uri"] = "https://github.com/enquo/active_enquo/issues"
+
+	s.files = `git ls-files -z`.split("\0").reject { |f| f =~ /^(G|spec|Rakefile)/ }
+
+	s.required_ruby_version = ">= 2.7.0"
+
+	s.add_runtime_dependency "enquo-core", "~> 0.3"
+	s.add_runtime_dependency "activerecord", ">= 6"
+
+	s.add_development_dependency "bundler"
+	s.add_development_dependency "github-release"
+	s.add_development_dependency "guard-rspec"
+	s.add_development_dependency "pg"
+	s.add_development_dependency "rake", "~> 13.0"
+	# Needed for guard
+	s.add_development_dependency "rb-inotify", "~> 0.9"
+	s.add_development_dependency "redcarpet"
+	s.add_development_dependency "rspec"
+	s.add_development_dependency "simplecov"
+	s.add_development_dependency "yard"
+end

data/docs/DEVELOPMENT.md

@@ -0,0 +1,24 @@
+Here are some notes on how to do development on `ActiveEnquo`.
+
+# Setup
+
+1. Checkout the repo.
+
+2. Ensure you've got a Ruby 2.7+ installation as your default Ruby.
+
+3. Run `bundle install`.
+
+... and you're ready to go.
+
+
+# Running the test suite
+
+Run the test suite with `rake spec`.
+
+You'll need a Postgres database with the [`pg_enquo`](https://github.com/enquo/pg_enquo) extension installed.
+Use the [standard `PG*` environment variables](https://www.postgresql.org/docs/current/libpq-envars.html) to control the where the test suite connects to.
+If you're running a "test" `pg_enquo` database with `cargo pgx run pgNN`, then this should do the trick:
+
+```sh
+$ PGHOST=localhost PGDATABASE=pg_enquo PGPORT=288NN rake spec
+```

data/lib/active_enquo.rb

@@ -0,0 +1,120 @@
+require "active_record/connection_adapters/postgresql_adapter"
+require "active_support/lazy_load_hooks"
+
+require "enquo"
+
+module ActiveEnquo
+	def self.root_key=(k)
+		@root = Enquo::Root.new(k)
+	end
+
+	def self.root
+		if @root.nil?
+			raise RuntimeError, "The ActiveEnquo root key must be set before calling ActiveEnquo.root"
+		end
+
+		@root
+	end
+
+	RootKey = Enquo::RootKey
+
+	module ActiveRecord
+		module ModelExtension
+			extend ActiveSupport::Concern
+
+			def _read_attribute(attr_name, &block)
+				t = self.class.attribute_types[attr_name]
+				if t.is_a?(::ActiveEnquo::Type)
+					relation = self.class.arel_table.name
+					value = @attributes.fetch_value(attr_name, &block)
+					field = ::ActiveEnquo.root.field(relation, attr_name)
+					begin
+						t.decrypt(value, @attributes.fetch_value(@primary_key).to_s, field)
+					rescue Enquo::Error
+						# If the record had not yet been inserted into the database at the time the
+						# attribute was originally written, then that attribute's context will be empty.
+						# This is troublesome, but it's tricky to solve at this layer, so we'll have to
+						# take the risk and try and decryption with empty context.
+						t.decrypt(value, "", field)
+					end
+				else
+					super
+				end
+			end
+
+			def _write_attribute(attr_name, value)
+				t = self.class.attribute_types[attr_name]
+				if t.is_a?(::ActiveEnquo::Type)
+					relation = self.class.arel_table.name
+					field = ::ActiveEnquo.root.field(relation, attr_name)
+					attr_opts = self.class.enquo_attribute_options.fetch(attr_name.to_sym, {})
+					safety = if attr_opts[:enable_reduced_security_operations]
+						:unsafe
+					end
+					db_value = t.encrypt(value, @attributes.fetch_value(@primary_key).to_s, field, safety: safety, no_query: attr_opts[:no_query])
+					@attributes.write_from_user(attr_name, db_value)
+				else
+					super
+				end
+			end
+
+			module ClassMethods
+				def enquo(attr_name, value)
+					t = self.attribute_types[attr_name.to_s]
+					if t.is_a?(::ActiveEnquo::Type)
+						relation = self.arel_table.name
+						field = ::ActiveEnquo.root.field(relation, attr_name)
+						t.encrypt(value, "", field, safety: :unsafe)
+					else
+						raise ArgumentError, "Cannot produce encrypted value on a non-enquo attribute '#{attr_name}'"
+					end
+				end
+
+				def enquo_attr(attr_name, opts)
+					enquo_attribute_options[attr_name] = @enquo_attribute_options[attr_name].merge(opts)
+				end
+
+				def enquo_attribute_options
+					@enquo_attribute_options ||= Hash.new({})
+				end
+			end
+		end
+	end
+
+	module Postgres
+		module ConnectionAdapter
+			def initialize_type_map(m = type_map)
+				m.register_type "enquo_bigint", ActiveEnquo::Type::Bigint.new
+
+				super
+			end
+		end
+	end
+
+	class Type < ::ActiveRecord::Type::Value
+		class Bigint < Type
+			def type
+				:enquo_bigint
+			end
+
+			def encrypt(value, context, field, safety: true, no_query: false)
+				field.encrypt_i64(value, context, safety: safety, no_query: no_query)
+			end
+
+			def decrypt(value, context, field)
+				field.decrypt_i64(value, context)
+			end
+		end
+	end
+end
+
+ActiveSupport.on_load(:active_record) do
+	::ActiveRecord::Base.send :include, ActiveEnquo::ActiveRecord::ModelExtension
+
+	::ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.prepend ActiveEnquo::Postgres::ConnectionAdapter
+#	::ActiveRecord::Type.register(:enquo_bigint, ActiveEnquo::Type::Bigint, adapter: :postgresql)
+
+	unless ActiveRecord::VERSION::MAJOR == 7
+		::ActiveRecord::ConnectionAdapters::PostgreSQLAdapter::NATIVE_DATABASE_TYPES[:enquo_bigint] = {}
+	end
+end

metadata

@@ -0,0 +1,225 @@
+--- !ruby/object:Gem::Specification
+name: active_enquo
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Matt Palmer
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2022-10-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: enquo-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: github-release
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rb-inotify
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: redcarpet
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- matt@enquo.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".editorconfig"
+- ".github/workflows/release.yml"
+- ".gitignore"
+- ".yardopts"
+- CODE_OF_CONDUCT.md
+- CONTRIBUTING.md
+- LICENCE
+- README.md
+- active_enquo.gemspec
+- docs/DEVELOPMENT.md
+- lib/active_enquo.rb
+homepage: https://enquo.org
+licenses: []
+metadata:
+  homepage_uri: https://enquo.org
+  source_code_uri: https://github.com/enquo/active_enquo
+  changelog_uri: https://github.com/enquo/active_enquo/releases
+  bug_tracker_uri: https://github.com/enquo/active_enquo/issues
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.6
+signing_key: 
+specification_version: 4
+summary: ActiveRecord integration for encrypted querying operations
+test_files: []