attr_keyring 0.2.2 → 0.3.0

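--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4a80344a57c60c546692d38f9d117129a9ad8f6ab796247de5a6188bbdddbd7a
- data.tar.gz: 5842f654124fcd2de9c409b3464ff36b029a79dc19f2be973fabafb316f139ed
+ metadata.gz: fd14faa33fac1e6f05f9e66ca58f23f1d25b2ac283a81c0592a443e4141da54b
+ data.tar.gz: b1a5ee0e2351b0ba7662355cacf834de59e21192b3e3e297e3a9116189a528d5
  SHA512:
- metadata.gz: a734ba2ae31db2ee0875d1cde94184a389f319242f01bce6cce70b561ba14e7075c7926dd8b82bd313bacbcdbb8148e7ddf2f91a46a532065e85d79a18db4fd7
- data.tar.gz: 47499f9c934a7956588586c27fb07a6a913d8d658ee46a3d6b8d619af2e8df2af4a4d2fdc01cf6e749139c774d0aabe8ecac51ab6ff0d6b9e0e9f32821b97416
+ metadata.gz: dcee2d1e763ae6386f82d5012504597a7a37011e89680fae7dbae5ede27589d6a08b852bf40518cbafa4c3bd91879a33ca54df59f2a77d0c587ef657d10897f0
+ data.tar.gz: 4112694e88e9c8bf2a6676f99dd70504fec0ed79e6e0ccf2c397a32680d7b0028e1a622750d700e4be67693aa6c0fac16c4b9598296b40d84ed3d9880db13b3c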
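--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- attr_keyring (0.2.2)
+ attr_keyring (0.3.0)
  activerecord
 
  GEM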
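--- a/data/README.md
+++ b/data/README.md
@@ -96,6 +96,17 @@ user.encrypted_twitter_oauth_token
  #=> "\xF0\xFD\xE3\x98\x98\xBBBp\xCCV45\x17\xA8\xF2r\x99\xC8W\xB2i\xD0;\xC2>7[\xF0R\xAC\x00s\x8F\x82QW{\x0F\x01\x88\x86\x03w\x0E\xCBJ\xC6q"
  ```
 
+ You may want to store a Base64 version instead of binary data (e.g. `jsonb` column with `store_accessor`). In this case, you may specify the option `encode: true`.
+
+ ```ruby
+ class User < ApplicationRecord
+ store_accessor :meta, :twitter_oauth_token
+
+ attr_keyring ENV["USER_KEYRING"]
+ attr_encrypt :twitter_oauth_token, encode: true
+ end
+ ```
+
  ### Encryption
 
  By default, AES-128-CBC is the algorithm used for encryption. This algorithm uses 16 bytes keys. Using 16-bytes of random data base64-encoded is the recommended way. You can easily generate keys by using the following command: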
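--- a/data/lib/attr_keyring.rb
+++ b/data/lib/attr_keyring.rb
@@ -26,13 +26,13 @@ module AttrKeyring
  def inherited(subclass)
  super
 
- subclass.keyring_attrs = []
+ subclass.keyring_attrs = {}
  subclass.keyring = Keyring.new({})
  end
  end
 
  cattr_accessor :keyring_column_name, default: "keyring_id"
- self.keyring_attrs = []
+ self.keyring_attrs = {}
  self.keyring = Keyring.new({})
 
  before_save :migrate_to_latest_encryption_key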
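Review bot: Resetting `subclass.keyring_attrs = {}` in `inherited` leaves a subclass with no entry for attributes its parent declared, and the accessors changed elsewhere in this release now call `self.class.keyring_attrs.fetch(attribute)`. A subclass instance using an encrypted accessor defined on the parent would therefore raise `KeyError` on read or write, where 0.2.2 did not consult the list in those accessors. How `keyring_attrs` is declared is not visible in this hunk, so this should be confirmed against the accessor definition. One option is to seed the subclass from the parent, for example `subclass.keyring_attrs = keyring_attrs.dup`. The block that encloses `inherited` starts outside the hunk.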
@@ -5,9 +5,12 @@ module AttrKeyring
5
5
  self.keyring = Keyring.new(keyring, encryptor)
6
6
  end
7
7
 
8
- def attr_encrypt(*attributes)
9
- self.keyring_attrs ||= []
10
- keyring_attrs.push(*attributes)
8
+ def attr_encrypt(*attributes, encode: true)
9
+ self.keyring_attrs ||= {}
10
+
11
+ attributes.each do |attribute|
12
+ keyring_attrs[attribute.to_sym] = {encode: encode}
13
+ end
11
14
 
12
15
  attributes.each do |attribute|
13
16
  define_attr_encrypt_writer(attribute)
@@ -19,9 +22,11 @@ module AttrKeyring
19
22
  define_method("#{attribute}=") do |value|
20
23
  return attr_reset_column(attribute) if value.nil?
21
24
 
25
+ options = self.class.keyring_attrs.fetch(attribute)
22
26
  stored_keyring_id = public_send(keyring_column_name)
23
27
  keyring_id = stored_keyring_id || self.class.keyring.current_key&.id
24
28
  encrypted_value = self.class.keyring.encrypt(value, keyring_id)
29
+ encrypted_value = Base64.strict_encode64(encrypted_value) if options[:encode]
25
30
 
26
31
  public_send("#{keyring_column_name}=", keyring_id) unless stored_keyring_id
27
32
  public_send("encrypted_#{attribute}=", encrypted_value)
@@ -35,8 +40,11 @@ module AttrKeyring
35
40
 
36
41
  return unless encrypted_value
37
42
 
43
+ options = self.class.keyring_attrs.fetch(attribute)
44
+ encrypted_value = Base64.strict_decode64(encrypted_value) if options[:encode]
38
45
  keyring_id = public_send(keyring_column_name)
39
- self.class.keyring.decrypt(encrypted_value, keyring_id)
46
+ value = self.class.keyring.decrypt(encrypted_value, keyring_id)
47
+ value
40
48
  end
41
49
  end
42
50
  end
@@ -56,9 +64,10 @@ module AttrKeyring
56
64
  private def migrate_to_latest_encryption_key
57
65
  keyring_id = self.class.keyring.current_key.id
58
66
 
59
- self.class.keyring_attrs.each do |attribute|
67
+ self.class.keyring_attrs.each do |attribute, options|
60
68
  value = public_send(attribute)
61
69
  encrypted_value = self.class.keyring.encrypt(value, keyring_id)
70
+ encrypted_value = Base64.strict_encode64(encrypted_value) if options[:encode]
62
71
 
63
72
  public_send("encrypted_#{attribute}=", encrypted_value)
64
73
  attr_encrypt_digest(attribute, value)
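Review bot: The `encode: true` default on `attr_encrypt` in the first hunk makes every existing declaration Base64-decode on read. Rows written by 0.2.2 as raw binary would then reach `Base64.strict_decode64` in the reader and presumably raise `ArgumentError` instead of decrypting. The README text added in this release presents the option as opt-in, which suggests `def attr_encrypt(*attributes, encode: false)` was intended; otherwise the upgrade needs a documented re-encode step for stored ciphertext. Separately, options are stored under `attribute.to_sym` but both accessors look them up with `keyring_attrs.fetch(attribute)`, so a string attribute name would raise `KeyError`; `fetch(attribute.to_sym)` keeps the lookup consistent. The methods touched by these hunks start or end outside them.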
@@ -1,3 +1,3 @@
1
1
  module AttrKeyring
2
- VERSION = "0.2.2".freeze
2
+ VERSION = "0.3.0".freeze
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: attr_keyring
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.2
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nando Vieira