attr_keyring 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +9 -1
- data/README.md +16 -1
- data/attr_keyring.gemspec +1 -0
- data/lib/attr_keyring/active_record.rb +23 -6
- data/lib/attr_keyring/version.rb +1 -1
- metadata +15 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: caf27704434485775f0d328115de5a7803784efea398278d2ab091f90812fe69
|
|
4
|
+
data.tar.gz: 52ee0ed25266480a59444793108e5839d5c09064f50f8280bfe5a056ce827046
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6eb5b417fdb67fd63d72d7cb263f26269192658d8b92b498a168163321cd5be68734244494161755911082b509f6cd16b340d253d8b88208b0586831a7c471de
|
|
7
|
+
data.tar.gz: 68bb5d48c931766027d4e6541044263f16c117d3628577a0a9bf79bddeace82dc25773d8d8b0b387ab24a39c7a58f01e94a6376a74740f0b5f53faaf01e7832d
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
attr_keyring (0.1.
|
|
4
|
+
attr_keyring (0.1.1)
|
|
5
5
|
activerecord
|
|
6
6
|
|
|
7
7
|
GEM
|
|
@@ -24,9 +24,11 @@ GEM
|
|
|
24
24
|
byebug (10.0.2)
|
|
25
25
|
coderay (1.1.2)
|
|
26
26
|
concurrent-ruby (1.1.3)
|
|
27
|
+
docile (1.3.1)
|
|
27
28
|
i18n (1.1.1)
|
|
28
29
|
concurrent-ruby (~> 1.0)
|
|
29
30
|
jaro_winkler (1.5.1)
|
|
31
|
+
json (2.1.0)
|
|
30
32
|
method_source (0.9.2)
|
|
31
33
|
minitest (5.11.3)
|
|
32
34
|
minitest-utils (0.4.4)
|
|
@@ -60,6 +62,11 @@ GEM
|
|
|
60
62
|
ruby-progressbar (~> 1.7)
|
|
61
63
|
unicode-display_width (~> 1.4.0)
|
|
62
64
|
ruby-progressbar (1.10.0)
|
|
65
|
+
simplecov (0.16.1)
|
|
66
|
+
docile (~> 1.1)
|
|
67
|
+
json (>= 1.8, < 3)
|
|
68
|
+
simplecov-html (~> 0.10.0)
|
|
69
|
+
simplecov-html (0.10.2)
|
|
63
70
|
slop (3.6.0)
|
|
64
71
|
sqlite3 (1.3.13)
|
|
65
72
|
thread_safe (0.3.6)
|
|
@@ -77,6 +84,7 @@ DEPENDENCIES
|
|
|
77
84
|
pry-meta
|
|
78
85
|
rake
|
|
79
86
|
rubocop
|
|
87
|
+
simplecov
|
|
80
88
|
sqlite3
|
|
81
89
|
|
|
82
90
|
BUNDLED WITH
|
data/README.md
CHANGED
|
@@ -53,7 +53,22 @@ Keys are managed through a keyring--a short JSON document describing your encryp
|
|
|
53
53
|
|
|
54
54
|
The `id` is used to track which key encrypted which piece of data; a key with a larger id is assumed to be newer. The value is the actual bytes of the encryption key.
|
|
55
55
|
|
|
56
|
-
|
|
56
|
+
#### Dynamically loading keyring
|
|
57
|
+
|
|
58
|
+
If you're using Rails 5.2+, you can use credentials to define your keyring. Your `credentials.yml` must be define like the following:
|
|
59
|
+
|
|
60
|
+
```yaml
|
|
61
|
+
user_keyring:
|
|
62
|
+
1: "PV8+EHgJlHfsVVVstJHgEo+3OCSn4iJDzqJs55U650Q="
|
|
63
|
+
2: "0HyJ15am4haRsCyiFCxDdlKwl3G5yPNKTUbadpaIfPI="
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
Then you can setup your model by using `attr_keyring Rails.application.credentials.user_keyring`.
|
|
67
|
+
|
|
68
|
+
Other possibilities (e.g. the keyring file is provided by configuration management):
|
|
69
|
+
|
|
70
|
+
- `attr_keyring YAML.load_file(keyring_file)`
|
|
71
|
+
- `attr_keyring JSON.parse(File.read(keyring_file))`.
|
|
57
72
|
|
|
58
73
|
### Model Setup
|
|
59
74
|
|
data/attr_keyring.gemspec
CHANGED
|
@@ -16,23 +16,42 @@ module AttrKeyring
|
|
|
16
16
|
|
|
17
17
|
def define_attr_encrypt_writer(attribute)
|
|
18
18
|
define_method("#{attribute}=") do |value|
|
|
19
|
-
|
|
19
|
+
return attr_reset_column(attribute) if value.nil?
|
|
20
|
+
|
|
21
|
+
stored_keyring_id = public_send(keyring_column_name)
|
|
22
|
+
keyring_id = stored_keyring_id || keyring.current_key&.id
|
|
20
23
|
encrypted_value = keyring.encrypt(value, keyring_id)
|
|
21
24
|
|
|
25
|
+
public_send("#{keyring_column_name}=", keyring_id) unless stored_keyring_id
|
|
22
26
|
public_send("encrypted_#{attribute}=", encrypted_value)
|
|
23
|
-
|
|
27
|
+
attr_encrypt_digest(attribute, value)
|
|
24
28
|
end
|
|
25
29
|
end
|
|
26
30
|
|
|
27
31
|
def define_attr_encrypt_reader(attribute)
|
|
28
32
|
define_method(attribute) do
|
|
33
|
+
encrypted_value = public_send("encrypted_#{attribute}")
|
|
34
|
+
|
|
35
|
+
return unless encrypted_value
|
|
36
|
+
|
|
29
37
|
keyring_id = public_send(keyring_column_name)
|
|
30
|
-
keyring.decrypt(
|
|
38
|
+
keyring.decrypt(encrypted_value, keyring_id)
|
|
31
39
|
end
|
|
32
40
|
end
|
|
33
41
|
end
|
|
34
42
|
|
|
35
43
|
module InstanceMethods
|
|
44
|
+
private def attr_reset_column(attribute)
|
|
45
|
+
public_send("encrypted_#{attribute}=", nil)
|
|
46
|
+
public_send("#{attribute}_digest=", nil)
|
|
47
|
+
nil
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
private def attr_encrypt_digest(attribute, value)
|
|
51
|
+
digest_column = "#{attribute}_digest"
|
|
52
|
+
public_send("#{digest_column}=", Digest::SHA256.hexdigest(value)) if respond_to?(digest_column)
|
|
53
|
+
end
|
|
54
|
+
|
|
36
55
|
private def migrate_to_latest_encryption_key
|
|
37
56
|
keyring_id = keyring.current_key.id
|
|
38
57
|
|
|
@@ -41,9 +60,7 @@ module AttrKeyring
|
|
|
41
60
|
encrypted_value = keyring.encrypt(value, keyring_id)
|
|
42
61
|
|
|
43
62
|
public_send("encrypted_#{attribute}=", encrypted_value)
|
|
44
|
-
|
|
45
|
-
digest_column = "#{attribute}_digest"
|
|
46
|
-
public_send("#{digest_column}=", Digest::SHA256.hexdigest(value)) if respond_to?(digest_column)
|
|
63
|
+
attr_encrypt_digest(attribute, value)
|
|
47
64
|
end
|
|
48
65
|
|
|
49
66
|
public_send("#{keyring_column_name}=", keyring_id)
|
data/lib/attr_keyring/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: attr_keyring
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nando Vieira
|
|
@@ -94,6 +94,20 @@ dependencies:
|
|
|
94
94
|
- - ">="
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
96
|
version: '0'
|
|
97
|
+
- !ruby/object:Gem::Dependency
|
|
98
|
+
name: simplecov
|
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
|
100
|
+
requirements:
|
|
101
|
+
- - ">="
|
|
102
|
+
- !ruby/object:Gem::Version
|
|
103
|
+
version: '0'
|
|
104
|
+
type: :development
|
|
105
|
+
prerelease: false
|
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
+
requirements:
|
|
108
|
+
- - ">="
|
|
109
|
+
- !ruby/object:Gem::Version
|
|
110
|
+
version: '0'
|
|
97
111
|
- !ruby/object:Gem::Dependency
|
|
98
112
|
name: sqlite3
|
|
99
113
|
requirement: !ruby/object:Gem::Requirement
|