active_kms 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/LICENSE.txt +1 -1
- data/README.md +11 -3
- data/lib/active_kms/log_subscriber.rb +2 -2
- data/lib/active_kms/version.rb +1 -1
- data/lib/active_kms.rb +7 -7
- metadata +6 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2dbd7598a12e0da04e2a11ea009f7ecf3423f5ff3cacd423ac4a12386adf4029
|
|
4
|
+
data.tar.gz: f1222493d14e26dc019858b69f397fc09293d0ceb4847a70f102691b6d036a3a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d066b65184fbf1283f1d41e6c5926d87346c7582d9a08ad9a0f02dedd50a19c200fafd95ce1482004d5a5a041b264181a3364544edbd3c0fe2e9bada52270fcc
|
|
7
|
+
data.tar.gz: b041b8567d2b87f7e6217ea7f2fe2935a29bcf425fe1eac73b7f1ce3327e7ef2f37eaa0ff8871937c699ec079929e69bded9138a4e08bf735532fbc763d02336
|
data/CHANGELOG.md
CHANGED
data/LICENSE.txt
CHANGED
data/README.md
CHANGED
|
@@ -2,9 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
Simple, secure key management for [Active Record encryption](https://edgeguides.rubyonrails.org/active_record_encryption.html)
|
|
4
4
|
|
|
5
|
-
**Note:**
|
|
5
|
+
**Note:** At the moment, encryption requires three encryption requests and one decryption request. See [this Rails issue](https://github.com/rails/rails/issues/42388) for more info. As a result, there’s no way to grant encryption and decryption permission separately.
|
|
6
6
|
|
|
7
|
-
[
|
|
7
|
+
For Lockbox and attr_encrypted, check out [KMS Encrypted](https://github.com/ankane/kms_encrypted)
|
|
8
|
+
|
|
9
|
+
[](https://github.com/ankane/active_kms/actions)
|
|
8
10
|
|
|
9
11
|
## Installation
|
|
10
12
|
|
|
@@ -130,7 +132,13 @@ Key management services allow you to rotate the master key without any code chan
|
|
|
130
132
|
vault write -f transit/keys/my-key/rotate
|
|
131
133
|
```
|
|
132
134
|
|
|
133
|
-
New data will be encrypted with the new master key version.
|
|
135
|
+
New data will be encrypted with the new master key version. To encrypt existing data with new master key version, run:
|
|
136
|
+
|
|
137
|
+
```ruby
|
|
138
|
+
User.find_each do |user|
|
|
139
|
+
user.encrypt
|
|
140
|
+
end
|
|
141
|
+
```
|
|
134
142
|
|
|
135
143
|
### Switching Keys
|
|
136
144
|
|
|
@@ -4,14 +4,14 @@ module ActiveKms
|
|
|
4
4
|
return unless logger.debug?
|
|
5
5
|
|
|
6
6
|
name = "Decrypt Data Key (#{event.duration.round(1)}ms)"
|
|
7
|
-
debug " #{color(name, YELLOW, true)}"
|
|
7
|
+
debug " #{color(name, YELLOW, bold: true)}"
|
|
8
8
|
end
|
|
9
9
|
|
|
10
10
|
def encrypt(event)
|
|
11
11
|
return unless logger.debug?
|
|
12
12
|
|
|
13
13
|
name = "Encrypt Data Key (#{event.duration.round(1)}ms)"
|
|
14
|
-
debug " #{color(name, YELLOW, true)}"
|
|
14
|
+
debug " #{color(name, YELLOW, bold: true)}"
|
|
15
15
|
end
|
|
16
16
|
end
|
|
17
17
|
end
|
data/lib/active_kms/version.rb
CHANGED
data/lib/active_kms.rb
CHANGED
|
@@ -2,15 +2,15 @@
|
|
|
2
2
|
require "active_support"
|
|
3
3
|
|
|
4
4
|
# modules
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
5
|
+
require_relative "active_kms/base_key_provider"
|
|
6
|
+
require_relative "active_kms/log_subscriber"
|
|
7
|
+
require_relative "active_kms/version"
|
|
8
8
|
|
|
9
9
|
# providers
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
10
|
+
require_relative "active_kms/aws_key_provider"
|
|
11
|
+
require_relative "active_kms/google_cloud_key_provider"
|
|
12
|
+
require_relative "active_kms/test_key_provider"
|
|
13
|
+
require_relative "active_kms/vault_key_provider"
|
|
14
14
|
|
|
15
15
|
module ActiveKms
|
|
16
16
|
class Error < StandardError; end
|
metadata
CHANGED
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: active_kms
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Kane
|
|
8
|
-
autorequire:
|
|
9
8
|
bindir: bin
|
|
10
9
|
cert_chain: []
|
|
11
|
-
date:
|
|
10
|
+
date: 1980-01-02 00:00:00.000000000 Z
|
|
12
11
|
dependencies:
|
|
13
12
|
- !ruby/object:Gem::Dependency
|
|
14
13
|
name: activerecord
|
|
@@ -16,15 +15,14 @@ dependencies:
|
|
|
16
15
|
requirements:
|
|
17
16
|
- - ">="
|
|
18
17
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 7.
|
|
18
|
+
version: '7.1'
|
|
20
19
|
type: :runtime
|
|
21
20
|
prerelease: false
|
|
22
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
22
|
requirements:
|
|
24
23
|
- - ">="
|
|
25
24
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 7.
|
|
27
|
-
description:
|
|
25
|
+
version: '7.1'
|
|
28
26
|
email: andrew@ankane.org
|
|
29
27
|
executables: []
|
|
30
28
|
extensions: []
|
|
@@ -45,7 +43,6 @@ homepage: https://github.com/ankane/active_kms
|
|
|
45
43
|
licenses:
|
|
46
44
|
- MIT
|
|
47
45
|
metadata: {}
|
|
48
|
-
post_install_message:
|
|
49
46
|
rdoc_options: []
|
|
50
47
|
require_paths:
|
|
51
48
|
- lib
|
|
@@ -53,15 +50,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
53
50
|
requirements:
|
|
54
51
|
- - ">="
|
|
55
52
|
- !ruby/object:Gem::Version
|
|
56
|
-
version: '2
|
|
53
|
+
version: '3.2'
|
|
57
54
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
58
55
|
requirements:
|
|
59
56
|
- - ">="
|
|
60
57
|
- !ruby/object:Gem::Version
|
|
61
58
|
version: '0'
|
|
62
59
|
requirements: []
|
|
63
|
-
rubygems_version: 3.
|
|
64
|
-
signing_key:
|
|
60
|
+
rubygems_version: 3.6.7
|
|
65
61
|
specification_version: 4
|
|
66
62
|
summary: Simple, secure key management for Active Record encryption
|
|
67
63
|
test_files: []
|