asherah 0.1.0.beta.1-x86_64-darwin → 0.1.0.beta.2-x86_64-darwin

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 29d89e0a12227a2726576261f4b7f670474958f6d499c00c4c90777f61f0b46e
-  data.tar.gz: 168335e6d96a8f90db05c9ab5e2076084fe412086d12463a776a34b260fdabba
+  metadata.gz: e3e07fa915ec849dcddfa6a309ddb834baf0060bc420a3ea42e521b127b055ba
+  data.tar.gz: 6c91eb6493ad293f7a66d301d67abb392db99de28cd6254b3fc3ce136b3e6c77
 SHA512:
-  metadata.gz: eb2b5b18a371ee8fb063ee60d182c2b784f1a7f417985f3b41ef080328392ca93ce4c811271672b99a7e6a0090bff5bb5fe0f0f2d1236f6638a0e5f3d020f40c
-  data.tar.gz: 9947c2f45ed93447841be518e9099f4b55fb684e08a9a1b5e87e9cec89a9acf1c282dfde05d81e5fd87327460dccfb9f4e5c9de2cf37dbe024d68a0ef78c5cd4
+  metadata.gz: cef747ccb3d115a4a755e751961c8a2fb3b922f6d6166391332dc07bfa4c47db24aeaca0708100b61f6c6f2048d694786bf4b2bca347df1c9b8c62bc5e0ea517
+  data.tar.gz: 28d44374434998f0b2b4c4fdfc9a1006a60a6017c939fc6d58dd83b4fcbaa6e913eeba0d75fd4b85d7751fd6b36d40e936f1df3a91a825eceaa14d1ce94623b7

data/.rubocop.yml

@@ -26,14 +26,8 @@ Style/MultilineBlockChain:
 Style/BlockDelimiters:
   Enabled: false
 
-Style/HashAsLastArrayItem:
-  Enabled: false
-
 Metrics/AbcSize:
   Enabled: false
 
-Metrics/ParameterLists:
-  Enabled: false
-
-Metrics/ModuleLength:
+Style/GuardClause:
   Enabled: false

data/CHANGELOG.md

@@ -1,5 +1,15 @@
 ## [Unreleased]
 
-## [0.1.0] - 2022-03-02
 
-- Initial release
+## [0.1.0.beta2] - 2022-03-14
+
+- Add smoke tests for native gems
+- Change to use `SetupJson` instead of `Setup`
+- Update config options to make them consistent with Asherah Go
+- Add `shutdown`
+- Add `encrypt_to_json` and `decrypt_from_json`
+- Add coverage report
+
+## [0.1.0.beta1] - 2022-03-07
+
+- Initial proof of concept

data/Gemfile

@@ -6,7 +6,3 @@ source 'https://rubygems.org'
 gemspec
 
 gem 'rake', '~> 13.0'
-
-gem 'rspec', '~> 3.0'
-
-gem 'rubocop', '~> 1.21'

data/README.md

@@ -1,8 +1,14 @@
 # Asherah
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/asherah`. To experiment with that code, run `bin/console` for an interactive prompt.
+Asherah is a Ruby wrapper around [Asherah Go](https://github.com/godaddy/asherah) application-layer encryption SDK that provides advanced encryption features and defense in depth against compromise. It uses a technique known as "envelope encryption" and supports cloud-agnostic data storage and key management.
 
-TODO: Delete this and the text above, and describe your gem
+Check out the following documentation to get more familiar with its concepts:
+
+- [Design and Architecture](https://github.com/godaddy/asherah/blob/master/docs/DesignAndArchitecture.md)
+- [Key Caching](https://github.com/godaddy/asherah/blob/master/docs/KeyCaching.md)
+- [Key Management Service](https://github.com/godaddy/asherah/blob/master/docs/KeyManagementService.md)
+- [Metastore](https://github.com/godaddy/asherah/blob/master/docs/Metastore.md)
+- [System Requirements](https://github.com/godaddy/asherah/blob/master/docs/SystemRequirements.md)
 
 ## Installation
 
@@ -12,17 +18,44 @@ Add this line to your application's Gemfile:
 gem 'asherah'
 ```
 
-And then execute:
-
-    $ bundle install
+```bash
+bundle install
+```
 
 Or install it yourself as:
 
-    $ gem install asherah
+```bash
+gem install asherah
+```
 
 ## Usage
 
-TODO: Write usage instructions here
+Configure Asherah:
+
+```ruby
+Asherah.configure do |config|
+  config.kms_type = 'static'
+  config.metastore = 'memory'
+  config.service_name = 'gem'
+  config.product_id = 'sable'
+end
+```
+
+Encrypt some data for a `partition_id`
+
+```ruby
+partition_id = 'user_1'
+data = 'Some PII data'
+data_row_record = Asherah.encrypt(partition_id, data)
+p data_row_record
+```
+
+Decrypt `data_row_record`
+
+```ruby
+decrypted_data = Asherah.decrypt(partition_id, data_row_record)
+p decrypted_data
+```
 
 ## Development
 
@@ -32,8 +65,8 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/asherah.
+Bug reports and pull requests are welcome on GitHub at https://github.com/godaddy/asherah-ruby.
 
 ## License
 
-The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+The gem is available as open source under the terms of the [MIT License](LICENSE.txt).

data/Rakefile

@@ -3,7 +3,7 @@
 require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
 require 'rubygems/package'
-require "open-uri"
+require 'open-uri'
 
 RSpec::Core::RakeTask.new(:spec)
 
@@ -18,7 +18,7 @@ DISTRIBUTIONS = {
   'x86_64-darwin' => ['libasherah-x64.dylib'],
   'aarch64-linux' => ['libasherah-arm64.so'],
   'arm64-darwin' => ['libasherah-arm64.dylib']
-}
+}.freeze
 
 def native_build(platform, native_files)
   puts "Building gem for #{platform}"
@@ -49,10 +49,10 @@ def native_build(platform, native_files)
       native_file_path = File.join(native_dir, native_file)
       gemspec.files << native_file_path
 
-      URI.open(native_file_path, 'wb') do |file|
+      File.open(native_file_path, 'wb') do |file|
         url = "https://github.com/godaddy/asherah-cobhan/releases/download/current/#{native_file}"
         puts "Downloading #{url}"
-        file << URI.open(url).read
+        file << URI.parse(url).open.read
       end
     end
 
@@ -61,16 +61,15 @@ def native_build(platform, native_files)
   end
 end
 
-
 namespace :native do
-  namespace :build do
-    desc "Build all native gems"
-    task :all do
-      DISTRIBUTIONS.each do |platform, native_files|
-        native_build(platform, native_files)
-      end
+  desc 'Build all native gems'
+  task :build do
+    DISTRIBUTIONS.each do |platform, native_files|
+      native_build(platform, native_files)
     end
+  end
 
+  namespace :build do
     DISTRIBUTIONS.each do |platform, native_files|
       desc "Build native gem for #{platform}"
       task :"#{platform}" do
@@ -83,15 +82,15 @@ namespace :native do
     require 'cobhan'
 
     filename = Class.new.extend(Cobhan).library_file_name('libasherah')
-    platform, _ = DISTRIBUTIONS.detect { |k, v| v.include?(filename) }
+    platform, _files = DISTRIBUTIONS.detect { |_k, v| v.include?(filename) }
 
     desc "Smoke test native gem on #{platform} platform"
-    task :"#{platform}" => :"build:#{platform}" do
+    task "#{platform}": :"build:#{platform}" do
       gemspec = Bundler.load_gemspec('asherah.gemspec')
       gemspec.platform = Gem::Platform.new(platform)
 
       sh("gem install pkg/#{gemspec.file_name}")
-      sh("ruby spec/smoke_test.rb")
+      sh('ruby spec/smoke_test.rb')
     end
   end
 end

data/asherah.gemspec

@@ -35,4 +35,9 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
 
   spec.add_dependency 'cobhan', '~> 0.1.2'
+  spec.add_development_dependency 'dotenv', '~> 2.7.6'
+  spec.add_development_dependency 'rspec', '~> 3.10.0'
+  spec.add_development_dependency 'rubocop', '~> 1.7'
+  spec.add_development_dependency 'simplecov', '~> 0.21.2'
+  spec.add_development_dependency 'simplecov-console', '~> 0.9.1'
 end

data/lib/asherah/config.rb

@@ -0,0 +1,102 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module Asherah
+  # @attr [String] service_name, The name of this service
+  # @attr [String] product_id, The name of the product that owns this service
+  # @attr [String] kms, The master key management service (static or aws)
+  # @attr [String] metastore, The type of metastore for persisting keys (rdbms, dynamodb, memory)
+  # @attr [String] connection_string, The database connection string (required when metastore is rdbms)
+  # @attr [String] replica_read_consistency, For Aurora sessions using write forwarding (eventual, global, session)
+  # @attr [String] dynamo_db_endpoint, An optional endpoint URL (for dynamodb metastore)
+  # @attr [String] dynamo_db_region, The AWS region for DynamoDB requests (for dynamodb metastore)
+  # @attr [String] dynamo_db_table_name, The table name for DynamoDB (for dynamodb metastore)
+  # @attr [Boolean] enable_region_suffix, Configure the metastore to use regional suffixes (for dynamodb metastore)
+  # @attr [String] region_map, List of key-value pairs in the form of REGION1=ARN1[,REGION2=ARN2] (required for aws kms)
+  # @attr [String] preferred_region, The preferred AWS region (required for aws kms)
+  # @attr [Integer] session_cache_max_size, The maximum number of sessions to cache
+  # @attr [Integer] session_cache_duration, The amount of time in seconds a session will remain cached
+  # @attr [Integer] expire_after, The amount of time in seconds a key is considered valid
+  # @attr [Integer] check_interval, The amount of time in seconds before cached keys are considered stale
+  # @attr [Boolean] enable_session_caching, Enable shared session caching
+  # @attr [Boolean] verbose, Enable verbose logging output
+  class Config
+    MAPPING = {
+      service_name: :ServiceName,
+      product_id: :ProductID,
+      kms: :KMS,
+      metastore: :Metastore,
+      connection_string: :ConnectionString,
+      replica_read_consistency: :ReplicaReadConsistency,
+      dynamo_db_endpoint: :DynamoDBEndpoint,
+      dynamo_db_region: :DynamoDBRegion,
+      dynamo_db_table_name: :DynamoDBTableName,
+      enable_region_suffix: :EnableRegionSuffix,
+      region_map: :RegionMap,
+      preferred_region: :PreferredRegion,
+      session_cache_max_size: :SessionCacheMaxSize,
+      session_cache_duration: :SessionCacheDuration,
+      enable_session_caching: :EnableSessionCaching,
+      expire_after: :ExpireAfter,
+      check_interval: :CheckInterval,
+      verbose: :Verbose
+    }.freeze
+
+    KMS_TYPES = ['static', 'aws'].freeze
+    METASTORE_TYPES = ['rdbms', 'dynamodb', 'memory'].freeze
+
+    attr_accessor(*MAPPING.keys)
+
+    def validate!
+      validate_service_name
+      validate_product_id
+      validate_kms
+      validate_metastore
+      validate_kms_attributes
+    end
+
+    def to_json(*args)
+      config = {}.tap do |c|
+        MAPPING.each_pair do |our_key, their_key|
+          value = public_send(our_key)
+          c[their_key] = value unless value.nil?
+        end
+      end
+
+      JSON.generate(config, *args)
+    end
+
+    private
+
+    def validate_service_name
+      raise Error::ConfigError, 'config.service_name not set' if service_name.nil?
+    end
+
+    def validate_product_id
+      raise Error::ConfigError, 'config.product_id not set' if product_id.nil?
+    end
+
+    def validate_kms
+      raise Error::ConfigError, 'config.kms not set' if kms.nil?
+      unless KMS_TYPES.include?(kms)
+        raise Error::ConfigError, "config.kms must be one of these: #{KMS_TYPES.join(', ')}"
+      end
+    end
+
+    def validate_metastore
+      raise Error::ConfigError, 'config.metastore not set' if metastore.nil?
+      unless METASTORE_TYPES.include?(metastore)
+        raise Error::ConfigError, "config.metastore must be one of these: #{METASTORE_TYPES.join(', ')}"
+      end
+    end
+
+    def validate_kms_attributes
+      if kms == 'aws'
+        raise Error::ConfigError, 'config.region_map not set' if region_map.nil?
+        raise Error::ConfigError, 'config.region_map must be a Hash' unless region_map.is_a?(Hash)
+        raise Error::ConfigError, 'config.preferred_region not set' if preferred_region.nil?
+      end
+    end
+  end
+end

data/lib/asherah/data_row_record.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Asherah
+  # DataRowRecord contains the encrypted key and data, as well as the information
+  # required to decrypt the key encryption key. This object data should be stored
+  # in your data persistence as it's required to decrypt data.
+  class DataRowRecord
+    attr_reader :data, :key
+
+    # Initializes a new DataRowRecord
+    #
+    # @param data [String]
+    # @param key [EnvelopeKeyRecord]
+    # @return DataRowRecord
+    def initialize(data:, key:)
+      @data = data
+      @key = key
+    end
+  end
+end

data/lib/asherah/envelope_key_record.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Asherah
+  # EnvelopeKeyRecord represents an encrypted key and is the data structure used
+  # to persist the key in the key table. It also contains the meta data
+  # of the key used to encrypt it.
+  class EnvelopeKeyRecord
+    attr_reader :encrypted_key, :created, :parent_key_meta
+
+    # Initializes a new EnvelopeKeyRecord
+    #
+    # @param encrypted_key [String]
+    # @param created [Integer]
+    # @param parent_key_meta [KeyMeta]
+    # @return EnvelopeKeyRecord
+    def initialize(encrypted_key:, created:, parent_key_meta:)
+      @encrypted_key = encrypted_key
+      @created = created
+      @parent_key_meta = parent_key_meta
+    end
+  end
+end

data/lib/asherah/error.rb

@@ -1,21 +1,28 @@
+# frozen_string_literal: true
 
 module Asherah
+  # Asherah Error converts the error code to error message
   module Error
-    ResultError = Class.new(StandardError)
+    ConfigError = Class.new(StandardError)
+    NotInitialized = Class.new(StandardError)
+    AlreadyInitialized = Class.new(StandardError)
+    GetSessionFailed = Class.new(StandardError)
+    EncryptFailed = Class.new(StandardError)
+    DecryptFailed = Class.new(StandardError)
 
     CODES = {
-      -100 => 'not initialized',
-      -101 => 'already initialized',
-      -102 => 'get session failed',
-      -103 => 'encrypt failed',
-      -104 => 'eecrypt failed'
-    }
+      -100 => NotInitialized,
+      -101 => AlreadyInitialized,
+      -102 => GetSessionFailed,
+      -103 => EncryptFailed,
+      -104 => DecryptFailed
+    }.freeze
 
-    def self.check_result!(scope, result)
-      if result.negative?
-        error_message = Error::CODES.fetch(result) { 'unrecognized' }
-        raise Error::ResultError.new("#{scope} failed: #{error_message}")
-      end
+    def self.check_result!(result, message)
+      return unless result.negative?
+
+      error_class = Error::CODES.fetch(result, StandardError)
+      raise error_class, message
     end
   end
 end

data/lib/asherah/key_meta.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Asherah
+  # KeyMeta contains the `id` and `created` timestamp for an encryption key.
+  class KeyMeta
+    attr_reader :id, :created
+
+    # Initializes a new KeyMeta
+    #
+    # @param id [String]
+    # @param created [Integer]
+    # @return KeyMeta
+    def initialize(id:, created:)
+      @id = id
+      @created = created
+    end
+  end
+end

data/lib/asherah/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Asherah
-  VERSION = '0.1.0.beta.1'
+  VERSION = '0.1.0.beta.2'
 end

data/lib/asherah.rb

@@ -1,123 +1,48 @@
 # frozen_string_literal: true
 
 require_relative 'asherah/version'
+require 'asherah/config'
 require 'asherah/error'
+require 'asherah/key_meta'
+require 'asherah/data_row_record'
+require 'asherah/envelope_key_record'
 require 'cobhan'
 
-# Asherah uses the following data structures: `data_row_record`, `envelope_key_record`, and `key_meta`.
-#
-# `data_row_record` contains the encrypted key and provided data, as well as the information
-# required to decrypt the key encryption key. This struct should be stored in your
-# data persistence as it's required to decrypt data.
-#
-# data_row_record [Hash]
-#   key [Hash], envelope_key_record
-#   data [String]
-#
-# `envelope_key_record` represents an encrypted key and is the data structure used
-# to persist the key in our key table. It also contains the meta data
-# of the key used to encrypt it.
-#
-# envelope_key_record [Hash]
-#   created [Integer]
-#   encrypted_key [String]
-#   parent_key_meta [Hash], key_meta
-#
-# `key_meta` contains the `id` and `created` timestamp for an encryption key.
-#
-# key_meta [Hash]
-#   id [String]
-#   created [Integer]
+# Asherah is a Ruby wrapper around Asherah Go application-layer encryption SDK.
 module Asherah
   extend Cobhan
 
   LIB_ROOT_PATH = File.expand_path('asherah/native', __dir__)
   load_library(LIB_ROOT_PATH, 'libasherah', [
-    [
-      :Setup,
-      [
-        :pointer, :pointer, :pointer, :pointer, :pointer, :pointer, :int32,
-        :pointer, :pointer, :pointer, :pointer, :int32, :int32, :int32
-      ],
-      :int32
-    ],
+    [:SetupJson, [:pointer], :int32],
     [:Encrypt, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int32],
-    [:Decrypt, [:pointer, :pointer, :pointer, :int64, :pointer, :int64, :pointer], :int32]
+    [:Decrypt, [:pointer, :pointer, :pointer, :int64, :pointer, :int64, :pointer], :int32],
+    [:EncryptToJson, [:pointer, :pointer, :pointer], :int32],
+    [:DecryptFromJson, [:pointer, :pointer, :pointer], :int32],
+    [:Shutdown, [], :void]
   ].freeze)
 
   class << self
-    # Initializes Asherah encryption session
+    # Configures Asherah
     #
-    # @param kms_type [String]
-    # @param metastore [String]
-    # @param service_name [String]
-    # @param product_id [String]
-    # @param rdbms_connection_string [String]
-    # @param dynamo_db_endpoint [String]
-    # @param dynamo_db_region [String]
-    # @param dynamo_db_table_name [String]
-    # @param enable_region_suffix [Boolean]
-    # @param preferred_region [String]
-    # @param region_map [String]
-    # @param verbose [Boolean]
-    # @param session_cache [Boolean]
-    # @param debug_output [Boolean]
-    def setup(
-      kms_type:,
-      metastore:,
-      service_name:,
-      product_id:,
-      rdbms_connection_string: '',
-      dynamo_db_endpoint: '',
-      dynamo_db_region: '',
-      dynamo_db_table_name: '',
-      enable_region_suffix: false,
-      preferred_region: '',
-      region_map: '',
-      verbose: false,
-      session_cache: false,
-      debug_output: false
-    )
-      kms_type_buffer = string_to_cbuffer(kms_type)
-      metastore_buffer = string_to_cbuffer(metastore)
-      rdbms_connection_string_buffer = string_to_cbuffer(rdbms_connection_string)
-      dynamo_db_endpoint_buffer = string_to_cbuffer(dynamo_db_endpoint)
-      dynamo_db_region_buffer = string_to_cbuffer(dynamo_db_region)
-      dynamo_db_table_name_buffer = string_to_cbuffer(dynamo_db_table_name)
-      enable_region_suffix_int = enable_region_suffix ? 1 : 0
-      service_name_buffer = string_to_cbuffer(service_name)
-      product_id_buffer = string_to_cbuffer(product_id)
-      preferred_region_buffer = string_to_cbuffer(preferred_region)
-      region_map_buffer = string_to_cbuffer(region_map)
-      verbose_int = verbose ? 1 : 0
-      session_cache_int = session_cache ? 1 : 0
-      debug_output_int = debug_output ? 1 : 0
-
-      result = Setup(
-        kms_type_buffer,
-        metastore_buffer,
-        rdbms_connection_string_buffer,
-        dynamo_db_endpoint_buffer,
-        dynamo_db_region_buffer,
-        dynamo_db_table_name_buffer,
-        enable_region_suffix_int,
-        service_name_buffer,
-        product_id_buffer,
-        preferred_region_buffer,
-        region_map_buffer,
-        verbose_int,
-        session_cache_int,
-        debug_output_int
-      )
+    # @yield [Config]
+    # @return [void]
+    def configure
+      config = Config.new
+      yield config
+      config.validate!
+
+      config_buffer = string_to_cbuffer(config.to_json)
 
-      Error.check_result!('setup', result)
+      result = SetupJson(config_buffer)
+      Error.check_result!(result, 'SetupJson failed')
     end
 
-    # Encrypts data for a given partition_id
+    # Encrypts data for a given partition_id and returns DataRowRecord
     #
     # @param partition_id [String]
     # @param data [String]
-    # @return [Hash], data_row_record
+    # @return [DataRowRecord]
     def encrypt(partition_id, data)
       partition_id_buffer = string_to_cbuffer(partition_id)
       data_buffer = string_to_cbuffer(data)
@@ -136,36 +61,36 @@ module Asherah
         output_parent_key_id_buffer,
         output_parent_key_created_buffer
       )
+      Error.check_result!(result, 'Encrypt failed')
 
-      Error.check_result!('encrypt', result)
-
-      parent_key_id = cbuffer_to_string(output_parent_key_id_buffer)
+      parent_key_meta = KeyMeta.new(
+        id: cbuffer_to_string(output_parent_key_id_buffer),
+        created: buffer_to_int(output_parent_key_created_buffer)
+      )
+      envelope_key_record = EnvelopeKeyRecord.new(
+        encrypted_key: cbuffer_to_string(output_encrypted_key_buffer),
+        created: buffer_to_int(output_created_buffer),
+        parent_key_meta: parent_key_meta
+      )
 
-      {
+      DataRowRecord.new(
         data: cbuffer_to_string(output_encrypted_data_buffer),
-        key: {
-          encrypted_key: cbuffer_to_string(output_encrypted_key_buffer),
-          created: buffer_to_int(output_created_buffer),
-          parent_key_meta: {
-            id: parent_key_id,
-            created: buffer_to_int(output_parent_key_created_buffer)
-          }
-        }
-      }
+        key: envelope_key_record
+      )
     end
 
-    # Decrypts a data_row_record for a partition_id
+    # Decrypts a data_row_record for a partition_id and returns decrypted data
     #
     # @param partition_id [String]
-    # @param data_row_record [Hash], data_row_record
-    # @return [String]
+    # @param data_row_record [DataRowRecord]
+    # @return [String], Decrypted data
     def decrypt(partition_id, data_row_record)
       partition_id_buffer = string_to_cbuffer(partition_id)
-      encrypted_data_buffer = string_to_cbuffer(data_row_record[:data])
-      encrypted_key_buffer = string_to_cbuffer(data_row_record[:key][:encrypted_key])
-      created = data_row_record[:key][:created]
-      parent_key_id_buffer = string_to_cbuffer(data_row_record[:key][:parent_key_meta][:id])
-      parent_key_created = data_row_record[:key][:parent_key_meta][:created]
+      encrypted_data_buffer = string_to_cbuffer(data_row_record.data)
+      encrypted_key_buffer = string_to_cbuffer(data_row_record.key.encrypted_key)
+      created = data_row_record.key.created
+      parent_key_id_buffer = string_to_cbuffer(data_row_record.key.parent_key_meta.id)
+      parent_key_created = data_row_record.key.parent_key_meta.created
 
       output_data_buffer = allocate_cbuffer(encrypted_data_buffer.size + 256)
 
@@ -178,10 +103,45 @@ module Asherah
         parent_key_created,
         output_data_buffer
       )
-
-      Error.check_result!('decrypt', result)
+      Error.check_result!(result, 'Decrypt failed')
 
       cbuffer_to_string(output_data_buffer)
     end
+
+    def shutdown
+      Shutdown()
+    end
+
+    # Encrypts data for a given partition_id and returns DataRowRecord in JSON format
+    #
+    # @param partition_id [String]
+    # @param data [String]
+    # @return [String], DataRowRecord in JSON format
+    def encrypt_to_json(partition_id, data)
+      partition_id_buffer = string_to_cbuffer(partition_id)
+      data_buffer = string_to_cbuffer(data)
+      output_buffer = allocate_cbuffer(data.length + 256)
+
+      result = EncryptToJson(partition_id_buffer, data_buffer, output_buffer)
+      Error.check_result!(result, 'EncryptToJson failed')
+
+      cbuffer_to_string(output_buffer)
+    end
+
+    # Decrypts a DataRowRecord in JSON format for a partition_id and returns decrypted data
+    #
+    # @param partition_id [String]
+    # @param json [String], DataRowRecord in JSON format
+    # @return [String], Decrypted data
+    def decrypt_from_json(partition_id, json)
+      partition_id_buffer = string_to_cbuffer(partition_id)
+      data_buffer = string_to_cbuffer(json)
+      output_buffer = allocate_cbuffer(json.length + 256)
+
+      result = DecryptFromJson(partition_id_buffer, data_buffer, output_buffer)
+      Error.check_result!(result, 'DecryptFromJson failed')
+
+      cbuffer_to_string(output_buffer)
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: asherah
 version: !ruby/object:Gem::Version
-  version: 0.1.0.beta.1
+  version: 0.1.0.beta.2
 platform: x86_64-darwin
 authors:
 - GoDaddy
-autorequire:
+autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-03-07 00:00:00.000000000 Z
+date: 2022-03-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cobhan
@@ -24,6 +24,76 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.1.2
+- !ruby/object:Gem::Dependency
+  name: dotenv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.7.6
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.7.6
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.10.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.10.0
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.21.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.21.2
+- !ruby/object:Gem::Dependency
+  name: simplecov-console
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.1
 description: |
   Asherah is an application-layer encryption SDK that provides advanced
   encryption features and defense in depth against compromise.
@@ -46,7 +116,11 @@ files:
 - SECURITY.md
 - asherah.gemspec
 - lib/asherah.rb
+- lib/asherah/config.rb
+- lib/asherah/data_row_record.rb
+- lib/asherah/envelope_key_record.rb
 - lib/asherah/error.rb
+- lib/asherah/key_meta.rb
 - lib/asherah/native/libasherah-x64.dylib
 - lib/asherah/version.rb
 homepage: https://github.com/godaddy/asherah-ruby
@@ -57,7 +131,7 @@ metadata:
   source_code_uri: https://github.com/godaddy/asherah-ruby
   changelog_uri: https://github.com/godaddy/asherah-ruby/blob/main/CHANGELOG.md
   rubygems_mfa_required: 'true'
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -72,8 +146,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
-rubygems_version: 3.3.3
-signing_key:
+rubygems_version: 3.3.7
+signing_key: 
 specification_version: 4
 summary: Application Layer Encryption SDK
 test_files: []