attr_keyring 0.6.0 → 0.6.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ee86bffa6e27d8523d423c8e8bfefa90a15733fdda28a60155a71fd67a794917
-  data.tar.gz: 340174053331dc2447f2d980ec97d3a4b429f09ed8052ef991908a2de90ad872
+  metadata.gz: d02280da9cb28259980ea283b6030672957657ead8b895594176eef09d78382b
+  data.tar.gz: 88ddda0bb1d9a85869246e46ab49a8f4889bc0c398d616be9dd162eec239a177
 SHA512:
-  metadata.gz: 3f4d6593813ab7f4e2e8672108d40b44f068c70fc8ccc59c83eae84bba0851ba3e6996633ef66b87b83f2f5c93038b573062b446e93045902623aba5dbcd653c
-  data.tar.gz: e2379acd02af797c2dcf900957404eb6f8552fe1b11f472c4ea8b5a140b06fbda868eec13e65fa998cc27d11274435e329aec3a12b59f516ecc1dddf779b4f4e
+  metadata.gz: 6a3108027fac7dbfee097e7afa3227f58f33560e540f19bc0f0b63cb4e482e8315ffafdbd4360bc31724426c9150109c6b9e46e9ecdf70526ca13cb34a8bee93
+  data.tar.gz: 16a5ca41d03b434dbf2eb4a5751af6595e7d00c93867159c3990a3e1d0a104d170dfd434580eff0420b1b966afe0877ec70362c6d66cad34e89e0f5fed8867d4

data/.github/FUNDING.yml

@@ -0,0 +1,3 @@
+---
+github: [fnando]
+custom: ["https://www.paypal.me/nandovieira/🍕"]

data/.github/dependabot.yml

@@ -0,0 +1,15 @@
+---
+# Documentation:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: bundler
+    directory: "/"
+    schedule:
+      interval: "daily"

data/.github/workflows/tests.yml

@@ -0,0 +1,65 @@
+---
+name: Tests
+
+on:
+  pull_request:
+  push:
+
+jobs:
+  build:
+    name: Tests with Ruby ${{ matrix.ruby }} with ${{ matrix.gemfile }}
+    runs-on: "ubuntu-latest"
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: ["2.7", "3.0"]
+        gemfile:
+          - gemfiles/7_0.gemfile
+          - gemfiles/6_0.gemfile
+
+    services:
+      postgres:
+        image: postgres:11.5
+        ports: ["5432:5432"]
+        options:
+          --health-cmd pg_isready --health-interval 10s --health-timeout 5s
+          --health-retries 5
+
+    steps:
+      - uses: actions/checkout@v1
+
+      - uses: actions/cache@v2
+        with:
+          path: vendor/bundle
+          key: >
+            ${{ runner.os }}-${{ matrix.ruby }}-gems-${{
+            hashFiles('**/attr_keyring.gemspec') }}
+          restore-keys: >
+            ${{ runner.os }}-${{ matrix.ruby }}-gems-${{
+            hashFiles('**/attr_keyring.gemspec') }}
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+
+      - name: Install PostgreSQL 11 client
+        run: |
+          sudo apt-get -yqq install libpq-dev
+
+      - name: Install gem dependencies
+        env:
+          BUNDLE_GEMFILE: ${{ matrix.gemfile }}
+        run: |
+          gem install bundler
+          bundle config path vendor/bundle
+          bundle update --jobs 4 --retry 3
+
+      - name: Run Tests
+        env:
+          PGHOST: localhost
+          PGUSER: postgres
+          BUNDLE_GEMFILE: ${{ matrix.gemfile }}
+        run: |
+          psql -U postgres -c "create database test"
+          bundle exec rake

data/.rubocop.yml

@@ -3,7 +3,10 @@ inherit_gem:
   rubocop-fnando: .rubocop.yml
 
 AllCops:
-  TargetRubyVersion: 2.6
+  TargetRubyVersion: 2.5
+  Exclude:
+    - vendor/**/*
+    - gemfiles/**/*
 
 Metrics/AbcSize:
   Enabled: false

data/README.md

@@ -1,19 +1,21 @@
-![attr_keyring: Simple encryption-at-rest with key rotation support for Ruby.](https://raw.githubusercontent.com/fnando/attr_keyring/master/attr_keyring.png)
+![attr_keyring: Simple encryption-at-rest with key rotation support for Ruby.](https://raw.githubusercontent.com/fnando/attr_keyring/main/attr_keyring.png)
 
 <p align="center">
-  <a href="https://travis-ci.org/fnando/attr_keyring"><img src="https://travis-ci.org/fnando/attr_keyring.svg" alt="Travis-CI"></a>
+  <a href="https://github.com/fnando/attr_keyring/actions?query=workflow%3ATests"><img src="https://github.com/fnando/attr_keyring/workflows/Tests/badge.svg" alt="Tests"></a>
   <a href="https://codeclimate.com/github/fnando/attr_keyring"><img src="https://codeclimate.com/github/fnando/attr_keyring/badges/gpa.svg" alt="Code Climate"></a>
-  <a href="https://codeclimate.com/github/fnando/attr_keyring/coverage"><img src="https://codeclimate.com/github/fnando/attr_keyring/badges/coverage.svg" alt="Test Coverage"></a>
   <a href="https://rubygems.org/gems/attr_keyring"><img src="https://img.shields.io/gem/v/attr_keyring.svg" alt="Gem"></a>
   <a href="https://rubygems.org/gems/attr_keyring"><img src="https://img.shields.io/gem/dt/attr_keyring.svg" alt="Gem"></a>
 </p>
 
-N.B.: attr_keyring is *not* for encrypting passwords--for that, you should use something like [bcrypt](https://github.com/codahale/bcrypt-ruby). It's meant for encrypting sensitive data you will need to access in plain text (e.g. storing OAuth token from users). Passwords do not fall in that category.
+N.B.: attr_keyring is not for encrypting passwords--for that, you should use
+something like [bcrypt](https://github.com/codahale/bcrypt-ruby). It's meant for
+encrypting sensitive data you will need to access in plain text (e.g. storing
+OAuth token from users). Passwords do not fall in that category.
 
 This library is heavily inspired by
 [attr_vault](https://github.com/uhoh-itsmaciek/attr_vault), and can read
-encrypted messages if you encode them in base64
-(e.g. `Base64.strict_encode64(encrypted_by_attr_vault)`).
+encrypted messages if you encode them in base64 (e.g.
+`Base64.strict_encode64(encrypted_by_attr_vault)`).
 
 ## Installation
 
@@ -67,7 +69,7 @@ example uses `AES-256-CBC`.
 ```ruby
 keyring = Keyring.new(
   "1" => "uDiMcWVNTuz//naQ88sOcN+E40CyBRGzGTT7OkoBS6M=",
-  encryptor: Keyring::Encryptor::AES256CBC,
+  encryptor: Keyring::Encryptor::AES::AES256CBC,
   digest_salt: "<custom salt>"
 )
 ```
@@ -179,11 +181,12 @@ contradictory that something has to be unpredictable and unique, but does not
 have to be secret; it is important to remember that an attacker must not be able
 to predict ahead of time what a given IV will be.
 
-With that in mind, _attr_keyring_ uses `base64(hmac(unencrypted iv + encrypted
-message) + unencrypted iv + encrypted message)` as the final message. If you're
-planning to migrate from other encryption mechanisms or read encrypted values
-from the database without using _attr_keyring_, make sure you account for this.
-The HMAC is 32-bytes long and the IV is 16-bytes long.
+With that in mind, _attr_keyring_ uses
+`base64(hmac(unencrypted iv + encrypted message) + unencrypted iv + encrypted message)`
+as the final message. If you're planning to migrate from other encryption
+mechanisms or read encrypted values from the database without using
+_attr_keyring_, make sure you account for this. The HMAC is 32-bytes long and
+the IV is 16-bytes long.
 
 ### Keyring
 
@@ -204,13 +207,14 @@ encryption key.
 
 #### Dynamically loading keyring
 
-If you're using Rails 5.2+, you can use credentials to define your keyring.
-Your `credentials.yml` must be define like the following:
+If you're using Rails 5.2+, you can use credentials to define your keyring. Your
+`credentials.yml` must be define like the following:
 
 ```yaml
+---
 user_keyring:
-  1: "QSXyoiRDPoJmfkJUZ4hJeQ=="
-  2: "r6AfOeilPDJomFsiOXLdfQ=="
+  "1": "QSXyoiRDPoJmfkJUZ4hJeQ=="
+  "2": "r6AfOeilPDJomFsiOXLdfQ=="
 ```
 
 Then you can setup your model by using
@@ -330,12 +334,11 @@ The gem is available as open source under the terms of the
 
 ## Icon
 
-Icon made by [Icongeek26](https://www.flaticon.com/authors/icongeek26)
-from [Flaticon](https://www.flaticon.com/) is licensed by Creative Commons BY
-3.0.
+Icon made by [Icongeek26](https://www.flaticon.com/authors/icongeek26) from
+[Flaticon](https://www.flaticon.com/) is licensed by Creative Commons BY 3.0.
 
 ## Code of Conduct
 
 Everyone interacting in the attr_keyring project’s codebases, issue trackers,
 chat rooms and mailing lists is expected to follow the
-[code of conduct](https://github.com/fnando/attr_keyring/blob/master/CODE_OF_CONDUCT.md).
+[code of conduct](https://github.com/fnando/attr_keyring/blob/main/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -16,4 +16,4 @@ task(:rubocop) do
   RuboCop::CLI.new.run(["--config", File.join(__dir__, ".rubocop.yml")])
 end
 
-task :default => [:test, :rubocop] # rubocop:disable Style/HashSyntax, Style/SymbolArray
+task default: %i[test rubocop]

data/attr_keyring.gemspec

@@ -12,15 +12,14 @@ Gem::Specification.new do |spec|
   spec.description   = spec.summary
   spec.homepage      = "https://github.com/fnando/attr_keyring"
   spec.license       = "MIT"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.5.0")
 
-  # Specify which files should be added to the gem when it is released.
-  # The `git ls-files -z` loads the files in the RubyGem that have been added
-  # into git.
-  spec.files         = Dir.chdir(File.expand_path(__dir__)) do
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
     `git ls-files -z`
       .split("\x0")
       .reject {|f| f.match(%r{^(test|spec|features)/}) }
   end
+
   spec.bindir        = "exe"
   spec.executables   = spec.files.grep(%r{^exe/}) {|f| File.basename(f) }
   spec.require_paths = ["lib"]

data/gemfiles/{5_2.gemfile → 7_0.gemfile}

@@ -2,4 +2,4 @@
 
 source "https://rubygems.org"
 gemspec path: ".."
-gem "activerecord", "~> 5.2.0"
+gem "activerecord", "~> 7.0.0.rc1"

data/lib/attr_keyring/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module AttrKeyring
-  VERSION = "0.6.0"
+  VERSION = "0.6.1"
 end

data/lib/attr_keyring.rb

@@ -20,9 +20,7 @@ module AttrKeyring
       include InstanceMethods
 
       class << self
-        attr_accessor :encrypted_attributes
-        attr_accessor :keyring
-        attr_accessor :keyring_column_name
+        attr_accessor :encrypted_attributes, :keyring, :keyring_column_name
       end
 
       self.encrypted_attributes = []

data/lib/keyring/encryptor/aes.rb

@@ -38,7 +38,7 @@ module Keyring
           expected_hmac = hmac_digest(key.signing_key, encrypted_payload)
 
           unless verify_signature(expected_hmac, hmac)
-            raise InvalidAuthentication, "Expected HMAC to be #{Base64.strict_encode64(expected_hmac)}; got #{Base64.strict_encode64(hmac)} instead" # rubocop:disable Metrics/LineLength
+            raise InvalidAuthentication, "Expected HMAC to be #{Base64.strict_encode64(expected_hmac)}; got #{Base64.strict_encode64(hmac)} instead" # rubocop:disable Layout/LineLength
           end
 
           cipher.iv = iv

data/lib/keyring/key.rb

@@ -5,7 +5,7 @@ module Keyring
     attr_reader :id, :signing_key, :encryption_key
 
     def initialize(id, key, key_size)
-      @id = Integer(id)
+      @id = Integer(id.to_s)
       @key_size = key_size
       @encryption_key, @signing_key = parse_key(key)
     end
@@ -20,7 +20,7 @@ module Keyring
       secret = decode_key(key, expected_key_size)
 
       unless secret.bytesize == expected_key_size
-        raise InvalidSecret, "Secret must be #{expected_key_size} bytes, instead got #{secret.bytesize}" # rubocop:disable Metrics/LineLength
+        raise InvalidSecret, "Secret must be #{expected_key_size} bytes, instead got #{secret.bytesize}" # rubocop:disable Layout/LineLength
       end
 
       signing_key = secret[0...@key_size]

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: attr_keyring
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.6.1
 platform: ruby
 authors:
 - Nando Vieira
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-02-01 00:00:00.000000000 Z
+date: 2021-12-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -185,9 +185,11 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/FUNDING.yml"
+- ".github/dependabot.yml"
+- ".github/workflows/tests.yml"
 - ".gitignore"
 - ".rubocop.yml"
-- ".travis.yml"
 - CODE_OF_CONDUCT.md
 - Gemfile
 - LICENSE.txt
@@ -201,8 +203,8 @@ files:
 - examples/active_record_sample.rb
 - examples/keyring_sample.rb
 - examples/sequel_sample.rb
-- gemfiles/5_2.gemfile
 - gemfiles/6_0.gemfile
+- gemfiles/7_0.gemfile
 - lib/attr_keyring.rb
 - lib/attr_keyring/active_record.rb
 - lib/attr_keyring/sequel.rb
@@ -214,7 +216,7 @@ homepage: https://github.com/fnando/attr_keyring
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -222,15 +224,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.2.32
+signing_key:
 specification_version: 4
 summary: Simple encryption-at-rest plugin for ActiveRecord.
 test_files: []

data/.travis.yml

@@ -1,25 +0,0 @@
----
-
-language: ruby
-cache: bundler
-sudo: false
-notifications:
-  email: false
-rvm:
-  - 2.6.5
-  - 2.5.7
-services:
-  - postgresql
-gemfiles:
-  - gemfiles/6_0.gemfile
-  - gemfiles/5_2.gemfile
-before_script:
-  - createdb test
-  - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
-  - chmod +x ./cc-test-reporter
-  - "./cc-test-reporter before-build"
-after_script:
-  - "./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT"
-env:
-  global:
-    secure: c0y7opFgX78UQL0dVq2gciMr3Ca4y4Aw4cSbQMnUwGecwuzOPUhjV98yy4b6EpQ0bLVbVcSPtx/PCVV750nxJPQsz9tWS0yGxQPBXuh2w0AX+ErYJVYaF6+hTjovEiHB86Q9g8YCD29CIMLZs2yeUrB+ORJWQcuAn8fw475Zskk8d8BWqR8CDdonFKlwS0Bx6rOqkyVy0JiNbOM4+trV/RzrNC+dc1geqOo45ceTYiGzkkMU1XANjNhzl/v0DYtCWLF/Dj1s8da96btqU6msZDfsBM73zKWtu0KJMnzqa8Ba4Tjc39kd2ro6Zb22cELBdXOFBvNCAEjbmZIaJ2OC45fES1OGZnB66SjAScdVdxKy2jOWjlFvrRiHu3Zrbl5tFTEaJ/PMHueQn4AzneK1wU2kzjq5iCwBZtMp/iJtCvz0V6qBt77qJe65YuENhcj26cDMqQkhKd0QBTWNs8r02KY3HFKcprgM+2TXxVSvfDu2cbiMInvc3K+uFNnEbu/1piTyStKWGd64WHixV6CEFpHxLU04IUNB62mSvUZtZ6V782X9kawoRyUg6lWvXmnGUUvczdJdpSR5/3gVXOWHireYy/qA6Zqoup27PPoaNgnKCa/fWvN/aJDvrGJb9OWpiK8DGi6T35V5gtDF+vd8mVzyPnYJznlWLgA5m7FSzLg=