attr_keyring 0.2.2 → 0.3.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +1 -1
  3. data/README.md +11 -0
  4. data/lib/attr_keyring.rb +2 -2
  5. data/lib/attr_keyring/active_record.rb +14 -5
  6. data/lib/attr_keyring/version.rb +1 -1
  7. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4a80344a57c60c546692d38f9d117129a9ad8f6ab796247de5a6188bbdddbd7a
4
- data.tar.gz: 5842f654124fcd2de9c409b3464ff36b029a79dc19f2be973fabafb316f139ed
3
+ metadata.gz: fd14faa33fac1e6f05f9e66ca58f23f1d25b2ac283a81c0592a443e4141da54b
4
+ data.tar.gz: b1a5ee0e2351b0ba7662355cacf834de59e21192b3e3e297e3a9116189a528d5
5
5
  SHA512:
6
- metadata.gz: a734ba2ae31db2ee0875d1cde94184a389f319242f01bce6cce70b561ba14e7075c7926dd8b82bd313bacbcdbb8148e7ddf2f91a46a532065e85d79a18db4fd7
7
- data.tar.gz: 47499f9c934a7956588586c27fb07a6a913d8d658ee46a3d6b8d619af2e8df2af4a4d2fdc01cf6e749139c774d0aabe8ecac51ab6ff0d6b9e0e9f32821b97416
6
+ metadata.gz: dcee2d1e763ae6386f82d5012504597a7a37011e89680fae7dbae5ede27589d6a08b852bf40518cbafa4c3bd91879a33ca54df59f2a77d0c587ef657d10897f0
7
+ data.tar.gz: 4112694e88e9c8bf2a6676f99dd70504fec0ed79e6e0ccf2c397a32680d7b0028e1a622750d700e4be67693aa6c0fac16c4b9598296b40d84ed3d9880db13b3c
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- attr_keyring (0.2.2)
4
+ attr_keyring (0.3.0)
5
5
  activerecord
6
6
 
7
7
  GEM
data/README.md CHANGED
@@ -96,6 +96,17 @@ user.encrypted_twitter_oauth_token
96
96
  #=> "\xF0\xFD\xE3\x98\x98\xBBBp\xCCV45\x17\xA8\xF2r\x99\xC8W\xB2i\xD0;\xC2>7[\xF0R\xAC\x00s\x8F\x82QW{\x0F\x01\x88\x86\x03w\x0E\xCBJ\xC6q"
97
97
  ```
98
98
 
99
+ You may want to store a Base64 version instead of binary data (e.g. `jsonb` column with `store_accessor`). In this case, you may specify the option `encode: true`.
100
+
101
+ ```ruby
102
+ class User < ApplicationRecord
103
+ store_accessor :meta, :twitter_oauth_token
104
+
105
+ attr_keyring ENV["USER_KEYRING"]
106
+ attr_encrypt :twitter_oauth_token, encode: true
107
+ end
108
+ ```
109
+
99
110
  ### Encryption
100
111
 
101
112
  By default, AES-128-CBC is the algorithm used for encryption. This algorithm uses 16 bytes keys. Using 16-bytes of random data base64-encoded is the recommended way. You can easily generate keys by using the following command:
data/lib/attr_keyring.rb CHANGED
@@ -26,13 +26,13 @@ module AttrKeyring
26
26
  def inherited(subclass)
27
27
  super
28
28
 
29
- subclass.keyring_attrs = []
29
+ subclass.keyring_attrs = {}
30
30
  subclass.keyring = Keyring.new({})
31
31
  end
32
32
  end
33
33
 
34
34
  cattr_accessor :keyring_column_name, default: "keyring_id"
35
- self.keyring_attrs = []
35
+ self.keyring_attrs = {}
36
36
  self.keyring = Keyring.new({})
37
37
 
38
38
  before_save :migrate_to_latest_encryption_key
data/lib/attr_keyring/active_record.rb CHANGED
@@ -5,9 +5,12 @@ module AttrKeyring
5
5
  self.keyring = Keyring.new(keyring, encryptor)
6
6
  end
7
7
 
8
- def attr_encrypt(*attributes)
9
- self.keyring_attrs ||= []
10
- keyring_attrs.push(*attributes)
8
+ def attr_encrypt(*attributes, encode: true)
9
+ self.keyring_attrs ||= {}
10
+
11
+ attributes.each do |attribute|
12
+ keyring_attrs[attribute.to_sym] = {encode: encode}
13
+ end
11
14
 
12
15
  attributes.each do |attribute|
13
16
  define_attr_encrypt_writer(attribute)
@@ -19,9 +22,11 @@ module AttrKeyring
19
22
  define_method("#{attribute}=") do |value|
20
23
  return attr_reset_column(attribute) if value.nil?
21
24
 
25
+ options = self.class.keyring_attrs.fetch(attribute)
22
26
  stored_keyring_id = public_send(keyring_column_name)
23
27
  keyring_id = stored_keyring_id || self.class.keyring.current_key&.id
24
28
  encrypted_value = self.class.keyring.encrypt(value, keyring_id)
29
+ encrypted_value = Base64.strict_encode64(encrypted_value) if options[:encode]
25
30
 
26
31
  public_send("#{keyring_column_name}=", keyring_id) unless stored_keyring_id
27
32
  public_send("encrypted_#{attribute}=", encrypted_value)
@@ -35,8 +40,11 @@ module AttrKeyring
35
40
 
36
41
  return unless encrypted_value
37
42
 
43
+ options = self.class.keyring_attrs.fetch(attribute)
44
+ encrypted_value = Base64.strict_decode64(encrypted_value) if options[:encode]
38
45
  keyring_id = public_send(keyring_column_name)
39
- self.class.keyring.decrypt(encrypted_value, keyring_id)
46
+ value = self.class.keyring.decrypt(encrypted_value, keyring_id)
47
+ value
40
48
  end
41
49
  end
42
50
  end
@@ -56,9 +64,10 @@ module AttrKeyring
56
64
  private def migrate_to_latest_encryption_key
57
65
  keyring_id = self.class.keyring.current_key.id
58
66
 
59
- self.class.keyring_attrs.each do |attribute|
67
+ self.class.keyring_attrs.each do |attribute, options|
60
68
  value = public_send(attribute)
61
69
  encrypted_value = self.class.keyring.encrypt(value, keyring_id)
70
+ encrypted_value = Base64.strict_encode64(encrypted_value) if options[:encode]
62
71
 
63
72
  public_send("encrypted_#{attribute}=", encrypted_value)
64
73
  attr_encrypt_digest(attribute, value)
data/lib/attr_keyring/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module AttrKeyring
2
- VERSION = "0.2.2".freeze
2
+ VERSION = "0.3.0".freeze
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: attr_keyring
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.2
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nando Vieira