attr_keyring 0.2.2 → 0.3.0
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +11 -0
- data/lib/attr_keyring.rb +2 -2
- data/lib/attr_keyring/active_record.rb +14 -5
- data/lib/attr_keyring/version.rb +1 -1
- metadata +1 -1
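--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fd14faa33fac1e6f05f9e66ca58f23f1d25b2ac283a81c0592a443e4141da54b
+data.tar.gz: b1a5ee0e2351b0ba7662355cacf834de59e21192b3e3e297e3a9116189a528d5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: dcee2d1e763ae6386f82d5012504597a7a37011e89680fae7dbae5ede27589d6a08b852bf40518cbafa4c3bd91879a33ca54df59f2a77d0c587ef657d10897f0
+data.tar.gz: 4112694e88e9c8bf2a6676f99dd70504fec0ed79e6e0ccf2c397a32680d7b0028e1a622750d700e4be67693aa6c0fac16c4b9598296b40d84ed3d9880db13b3c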
data/Gemfile.lock
CHANGED
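--- a/data/README.md
+++ b/data/README.md
@@ -96,6 +96,17 @@ user.encrypted_twitter_oauth_token
 #=> "\xF0\xFD\xE3\x98\x98\xBBBp\xCCV45\x17\xA8\xF2r\x99\xC8W\xB2i\xD0;\xC2>7[\xF0R\xAC\x00s\x8F\x82QW{\x0F\x01\x88\x86\x03w\x0E\xCBJ\xC6q"
 ```
 
+You may want to store a Base64 version instead of binary data (e.g. `jsonb` column with `store_accessor`). In this case, you may specify the option `encode: true`.
+
+```ruby
+class User < ApplicationRecord
+store_accessor :meta, :twitter_oauth_token
+
+attr_keyring ENV["USER_KEYRING"]
+attr_encrypt :twitter_oauth_token, encode: true
+end
+```
+
 ### Encryption
 
 By default, AES-128-CBC is the algorithm used for encryption. This algorithm uses 16 bytes keys. Using 16-bytes of random data base64-encoded is the recommended way. You can easily generate keys by using the following command: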
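--- a/data/lib/attr_keyring.rb
+++ b/data/lib/attr_keyring.rb
@@ -26,13 +26,13 @@ module AttrKeyring
 def inherited(subclass)
 super
 
-subclass.keyring_attrs =
+subclass.keyring_attrs = {}
 subclass.keyring = Keyring.new({})
 end
 end
 
 cattr_accessor :keyring_column_name, default: "keyring_id"
-self.keyring_attrs =
+self.keyring_attrs = {}
 self.keyring = Keyring.new({})
 
 before_save :migrate_to_latest_encryption_key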
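Review bot: Resetting `subclass.keyring_attrs = {}` in `inherited` leaves every subclass with no per-attribute options, while the accessors changed further down this page now call `self.class.keyring_attrs.fetch(attribute)`. Assuming `keyring_attrs` is stored per class, an instance of a subclass that uses an accessor defined on its parent would then raise `KeyError`. Consider seeding the subclass from the parent, e.g. `subclass.keyring_attrs = keyring_attrs.dup`, or documenting that `attr_encrypt` (like `attr_keyring`) must be redeclared in each subclass. The `inherited` hook and its enclosing block start outside this hunk, so how `keyring_attrs` is declared is not visible here.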
@@ -5,9 +5,12 @@ module AttrKeyring
|
|
5
5
|
self.keyring = Keyring.new(keyring, encryptor)
|
6
6
|
end
|
7
7
|
|
8
|
-
def attr_encrypt(*attributes)
|
9
|
-
self.keyring_attrs ||=
|
10
|
-
|
8
|
+
def attr_encrypt(*attributes, encode: true)
|
9
|
+
self.keyring_attrs ||= {}
|
10
|
+
|
11
|
+
attributes.each do |attribute|
|
12
|
+
keyring_attrs[attribute.to_sym] = {encode: encode}
|
13
|
+
end
|
11
14
|
|
12
15
|
attributes.each do |attribute|
|
13
16
|
define_attr_encrypt_writer(attribute)
|
@@ -19,9 +22,11 @@ module AttrKeyring
|
|
19
22
|
define_method("#{attribute}=") do |value|
|
20
23
|
return attr_reset_column(attribute) if value.nil?
|
21
24
|
|
25
|
+
options = self.class.keyring_attrs.fetch(attribute)
|
22
26
|
stored_keyring_id = public_send(keyring_column_name)
|
23
27
|
keyring_id = stored_keyring_id || self.class.keyring.current_key&.id
|
24
28
|
encrypted_value = self.class.keyring.encrypt(value, keyring_id)
|
29
|
+
encrypted_value = Base64.strict_encode64(encrypted_value) if options[:encode]
|
25
30
|
|
26
31
|
public_send("#{keyring_column_name}=", keyring_id) unless stored_keyring_id
|
27
32
|
public_send("encrypted_#{attribute}=", encrypted_value)
|
@@ -35,8 +40,11 @@ module AttrKeyring
|
|
35
40
|
|
36
41
|
return unless encrypted_value
|
37
42
|
|
43
|
+
options = self.class.keyring_attrs.fetch(attribute)
|
44
|
+
encrypted_value = Base64.strict_decode64(encrypted_value) if options[:encode]
|
38
45
|
keyring_id = public_send(keyring_column_name)
|
39
|
-
self.class.keyring.decrypt(encrypted_value, keyring_id)
|
46
|
+
value = self.class.keyring.decrypt(encrypted_value, keyring_id)
|
47
|
+
value
|
40
48
|
end
|
41
49
|
end
|
42
50
|
end
|
@@ -56,9 +64,10 @@ module AttrKeyring
|
|
56
64
|
private def migrate_to_latest_encryption_key
|
57
65
|
keyring_id = self.class.keyring.current_key.id
|
58
66
|
|
59
|
-
self.class.keyring_attrs.each do |attribute|
|
67
|
+
self.class.keyring_attrs.each do |attribute, options|
|
60
68
|
value = public_send(attribute)
|
61
69
|
encrypted_value = self.class.keyring.encrypt(value, keyring_id)
|
70
|
+
encrypted_value = Base64.strict_encode64(encrypted_value) if options[:encode]
|
62
71
|
|
63
72
|
public_send("encrypted_#{attribute}=", encrypted_value)
|
64
73
|
attr_encrypt_digest(attribute, value)
|
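Review bot: `attr_encrypt(*attributes, encode: true)` makes Base64 the default, whereas the README text added in this release presents `encode: true` as an opt-in for non-binary columns. With this default, a model upgraded from 0.2.2 would hand its existing raw binary ciphertext to `Base64.strict_decode64` in the reader, which raises `ArgumentError` on input that is not valid Base64, so stored secrets become unreadable until re-encoded. If opt-in is the intent, the signature should read `def attr_encrypt(*attributes, encode: false)`. Separately, options are stored under `attribute.to_sym` but looked up with `keyring_attrs.fetch(attribute)`, so a string attribute name would raise `KeyError`; `fetch(attribute.to_sym)` in both the writer and the reader avoids that. The writer and reader bodies start outside the hunks shown.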
data/lib/attr_keyring/version.rb
CHANGED