attr_vault 0.0.9 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 79953f549103ea6e7aacb9e6a16202602b97cd63
-  data.tar.gz: f1ae2035a82fe167289b43756c43d9aa8bce0ce5
+  metadata.gz: 357be9f5ce89b5473ebde27f6b12821149b72c69
+  data.tar.gz: 548d448526fb2c375bd77d88876c2b1317df45b2
 SHA512:
-  metadata.gz: bbfcd6f8aa8df8c3f082f2a6777c593fda49693978626e033c3848c4bdd996e41e5835d44c73b8116a7ecb8e208b4a106e117e517b0d19b9e0a2fe545766c791
-  data.tar.gz: 7d8b9d5126597a491ab1a5f40299c2b8f4356026b4b27b150675bc0c7183bb4e39648c96b75a80d5c13971d2728ae5d9ae36a0cd1518e24c9f5a6c36f7b99d3d
+  metadata.gz: 1cf7d0c6455857d0c15b7aff5bff86884223e660708767faae36ccadb0d06cf098845123609cb65f9e71baf008542fdb4d50b1b2efc459efc9491a97ebfa7d0e
+  data.tar.gz: f3108dfbe9dd22231243a971f12c5162d785e959a26f668a6b904e32a5ea856fa1e87afc600a408efccc5dd9d978270cc22ab07fced09631547c72999740cfd9

data/.travis.yml

@@ -0,0 +1,12 @@
+language: ruby
+cache: bundler
+before_script: createdb attr_vault
+sudo: false
+script: DATABASE_URL="postgres:///attr_vault" bundle exec rspec
+addons:
+  postgresql: "9.3"
+env:
+rvm:
+  - 2.2.2
+notifications:
+  email: false

data/Gemfile

@@ -1,6 +1,6 @@
 source 'https://rubygems.org'
 
-ruby '2.1.2'
+ruby '2.2.2'
 
 # Specify your gem's dependencies in attr_vault.gemspec
 gemspec

data/Gemfile.lock

@@ -1,13 +1,13 @@
 PATH
   remote: .
   specs:
-    attr_vault (0.0.8)
+    attr_vault (0.1.1)
 
 GEM
   remote: https://rubygems.org/
   specs:
     diff-lcs (1.2.5)
-    pg (0.17.1)
+    pg (0.18.3)
     rspec (3.1.0)
       rspec-core (~> 3.1.0)
       rspec-expectations (~> 3.1.0)
@@ -27,6 +27,6 @@ PLATFORMS
 
 DEPENDENCIES
   attr_vault!
-  pg (~> 0)
+  pg (~> 0.18.3)
   rspec (~> 3.0)
   sequel (~> 4.13)

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2014 Maciek Sakrejda
+Copyright (c) 2014 AttrVault Contributors
 
 MIT License
 

data/README.md

@@ -0,0 +1,215 @@
+[![Build Status](https://travis-ci.org/uhoh-itsmaciek/attr_vault.svg)](https://travis-ci.org/uhoh-itsmaciek/attr_vault)
+
+# AttrVault
+
+Simple encryption-at-rest plugin for
+[Sequel](https://github.com/jeremyevans/sequel.git).
+
+
+N.B.: AttrVault is *not* for encrypting passwords--for that, you
+should use something like
+[bcrypt](https://github.com/codahale/bcrypt-ruby). It's meant for
+encrypting sensitive data you will need to access in
+plaintext. Passwords do not fall in that category.
+
+
+### Philosophy
+
+Sensitive data should be encrypted at rest. Data breaches are common,
+and while preventing the breach in the first place is preferable,
+defense in depth is a wise strategy.
+
+AttrVault encrypts your data in-application, so your encryption keys
+are never sent to the database. It includes an HMAC, so you can be
+confident the data was not tampered with.
+
+AttrVault is also designed with key rotation in mind. It relies on a
+keyring of keys, always using the newest one for encryption, and
+supporting decryption with any available key. It tracks which data was
+encrypted with which key, making it easy to age out keys when needed
+(e.g., on an employee departure).
+
+
+### Keyring
+
+Keys are managed through a keyring--a short JSON document containing
+information about your encryption keys. The keyring must be a JSON
+array of objects with the fields `id`, `created_at`, and `value`. A
+keyring must have at least one key.
+
+The `id` can be numeric or a uuid. The `created_at` must be an
+ISO-8601 timestamp indicating the age of a key relative to the other
+keys. The `value` is the actual bytes of the encryption key, used for
+encryption and verification: see below.
+
+
+### Encryption and verification
+
+The encryption mechanism in AttrVault is borrowed from another
+encryption library, [Fernet](https://github.com/fernet). The encrypted
+payload format is slightly different: AttrVault drops the TTL (almost
+never useful for data at rest) and the Base64 encoding (since most
+modern databases can deal with binary data natively).
+
+The key should be 32 bytes of random data, base64-encoded. A simple
+way to generate that is:
+
+```console
+$ dd if=/dev/urandom bs=32 count=1 2>/dev/null | openssl base64
+```
+
+Include the result of this in the `value` section of the key
+description in the keyring. Half this key is used for encryption, and
+half for the HMAC.
+
+
+### Usage
+
+N.B.: AttrVault depends on the `Sequel::Model#before_save` hook. If
+you use this in your model, be sure to call `super`!
+
+First generate a key as above.
+
+#### General schema changes
+
+AttrVault needs some small changes to your database schema. It
+requires a key identifier column for each model that uses encrypted
+fields, and a binary data column for each field.
+
+Here is a sample Sequel migration for adding encrypted fields to
+Postgres, where binary data is stored in `bytea` columns:
+
+```ruby
+Sequel.migration do
+  change do
+    alter_table(:diary_entries) do
+      add_column :key_id, :uuid
+      add_column :secret_stuff, :bytea
+    end
+  end
+end
+```
+
+
+#### Encrypted fields
+
+AttrVault needs some configuration in models as well. A
+`vault_keyring` attribute specifies a keyring in JSON (see the
+expected format above). Then, for each field to be encrypted, include
+a `vault_attr` attribute with its desired attribute name. You can
+optionally specify the name of the encrypted column as well (by
+default, it will be the field name suffixed with `_encrypted`):
+
+```ruby
+class DiaryEntry < Sequel::Model
+  vault_keyring ENV['ATTR_VAULT_KEYRING']
+  vault_attr :body, encrypted_field: :secret_stuff
+end
+```
+
+AttrVault will generate getters and setters for any `vault_attr`s
+specified.
+
+
+#### Lookups
+
+One tricky aspect of encryption is looking up records by known secret.
+E.g.,
+
+```ruby
+DiaryEntry.where(body: '@SwiftOnSecurity is dreamy')
+```
+
+is trivial with plaintext fields, but impossible with the model
+defined as above.
+
+AttrVault includes a way to mitigate this. Another small schema change:
+
+```ruby
+Sequel.migration do
+  change do
+    alter_table(:diary_entries) do
+      add_column :secret_digest, :bytea
+    end
+  end
+end
+```
+
+Another small model definition change:
+
+```ruby
+class DiaryEntry < Sequel::Model
+  vault_keyring ENV['ATTR_VAULT_KEYRING']
+  vault_attr :body, encrypted_field: :secret_stuff,
+    digest_field: :secret_digest
+end
+```
+
+To be continued...
+
+(storing digests is implemented, easy lookup by digest is not)
+
+#### Migrating unencrypted data
+
+If you have plaintext data that you'd like to start encrypting, doing
+so in one shot can require a maintenance window if your data volume is
+large enough. To avoid this, AttrVault supports online migration via
+an "encrypt-on-write" mechanism: models will be read as normal, but
+their fields will be encrypted whenever the models are saved. To
+enable this behavior, just specify where the unencrypted data is
+coming from:
+
+```ruby
+class DiaryEntry < Sequel::Model
+  vault_keyring ENV['ATTR_VAULT_KEYRING']
+  vault_attr :body, encrypted_field: :secret_stuff,
+    migrate_from_field: :please_no_snooping
+end
+```
+
+It's safe to use the same name as the name of the encrypted attribute.
+
+
+#### Key rotation
+
+Because AttrVault uses a keyring, with access to multiple keys at
+once, key rotation is fairly straightforward: if you add a key to the
+keyring with a more recent `created_at` than any other key, that key
+will automatically be used for encryption. Any keys that are no longer
+in use can be removed from the keyring.
+
+To check if an existing key with id 123 is still in use, run:
+
+```ruby
+DiaryEntry.where(key_id: 123).empty?
+```
+
+If this is true, the key with that id can be safely removed.
+
+For a large dataset, you may want to index the `key_id` column.
+
+
+### Contributing
+
+Patches are warmly welcome.
+
+To run tests locally, you'll need a `DATABASE_URL` environment
+variable pointing to a database AttrVault may use for testing. E.g.,
+
+```console
+$ createdb attr_vault_test
+$ DATABASE_URL=postgres:///attr_vault_test bundle exec rspec
+```
+
+Please follow the project's general coding style and open issues for
+any significant behavior or API changes.
+
+A pull request is understood to mean you are offering your code to the
+project under the MIT License.
+
+
+### License
+
+Copyright (c) 2014-2015 AttrVault Contributors
+
+MIT License. See LICENSE for full text.

data/attr_vault.gemspec

@@ -5,7 +5,7 @@ Gem::Specification.new do |gem|
   gem.email         = ["m.sakrejda@gmail.com"]
   gem.description   = %q{Encryption at rest made easy}
   gem.summary       = %q{Sequel plugin for encryption at rest}
-  gem.homepage      = "https://github.com/deafbybeheading/attr_vault"
+  gem.homepage      = "https://github.com/uhoh-itsmaciek/attr_vault"
 
   gem.files         = `git ls-files`.split($\)
   gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
@@ -16,6 +16,6 @@ Gem::Specification.new do |gem|
   gem.license       = "MIT"
 
   gem.add_development_dependency "rspec", '~> 3.0'
-  gem.add_development_dependency "pg", '~> 0'
+  gem.add_development_dependency "pg", '~> 0.18.3'
   gem.add_development_dependency "sequel", '~> 4.13'
 end

data/lib/attr_vault/cryptor.rb

@@ -3,8 +3,6 @@ require 'base64'
 module AttrVault
   module Cryptor
 
-    PARANOID = true
-
     def self.encrypt(value, key)
       return value if value.nil? || value.empty?
 
@@ -14,15 +12,6 @@ module AttrVault
       encrypted_payload = iv + encrypted_message
       mac = Encryption.hmac_digest(secret.signing_key, encrypted_payload)
 
-      if PARANOID
-        mac_again = Encryption.hmac_digest(secret.signing_key, encrypted_payload)
-        unless verify_signature(mac, mac_again)
-          raise InvalidCiphertext, "Could not reliably calculate HMAC; " +
-            "got #{Base64.encode64(mac)} and #{Base64.encode64(mac_again)} " +
-            "for the same values"
-        end
-      end
-
       Sequel.blob(mac + encrypted_payload)
     end
 

data/lib/attr_vault/keyring.rb

@@ -18,6 +18,10 @@ module AttrVault
       @created_at = created_at
     end
 
+    def digest(data)
+      AttrVault::Encryption::hmac_digest(value, data)
+    end
+
     def to_json(*args)
       { id: id, value: value, created_at: created_at }.to_json
     end
@@ -78,6 +82,10 @@ module AttrVault
       k
     end
 
+    def digests(data)
+      keys.map { |k| k.digest(data) }
+    end
+
     def to_json
       @keys.to_json
     end

data/lib/attr_vault/version.rb

@@ -1,3 +1,3 @@
 module AttrVault
-  VERSION = "0.0.9"
+  VERSION = "0.1.1"
 end

data/lib/attr_vault.rb

@@ -3,7 +3,6 @@ require 'attr_vault/keyring'
 require 'attr_vault/secret'
 require 'attr_vault/encryption'
 require 'attr_vault/cryptor'
-require 'digest/sha1'
 
 module AttrVault
   def self.included(base)
@@ -31,14 +30,14 @@ module AttrVault
           @vault_dirty_attrs[attr.name] ||= self.send(attr.name)
         end
       end
-      # If any attr has plaintext_source_field and the plaintext field
+      # If any attr has migrate_from_field and the plaintext field
       # has a value set, flag the attr as dirty using the plaintext
       # source value, then nil out the plaintext field. Skip any
       # attributes that are already dirty.
-      self.class.vault_attrs.reject { |attr| attr.plaintext_source_field.nil? }.each do |attr|
-        unless self[attr.plaintext_source_field].nil?
-          @vault_dirty_attrs[attr.name] ||= self[attr.plaintext_source_field]
-          self[attr.plaintext_source_field] = nil
+      self.class.vault_attrs.reject { |attr| attr.migrate_from_field.nil? }.each do |attr|
+        unless self[attr.migrate_from_field].nil?
+          @vault_dirty_attrs[attr.name] ||= self[attr.migrate_from_field]
+          self[attr.migrate_from_field] = nil
         end
       end
       self.class.vault_attrs.each do |attr|
@@ -52,7 +51,8 @@ module AttrVault
           if value.nil?
             self[attr.digest_field] = nil
           else
-            self[attr.digest_field] = Digest::SHA1.hexdigest(value)
+            self[attr.digest_field] =
+              Sequel.blob(Encryption.hmac_digest(current_key.value, value))
           end
         end
       end
@@ -68,6 +68,10 @@ module AttrVault
       @keyring = Keyring.load(keyring_data)
     end
 
+    def vault_digests(data)
+      @keyring.digests(data).map { |d| Sequel.blob(d) }
+    end
+
     def vault_attr(name, opts={})
       attr = VaultAttr.new(name, opts)
       self.vault_attrs << attr
@@ -79,8 +83,8 @@ module AttrVault
         end
         # if there is a plaintext source field, use that and ignore
         # the encrypted field
-        if !attr.plaintext_source_field.nil? && !self[attr.plaintext_source_field].nil?
-          return self[attr.plaintext_source_field]
+        if !attr.migrate_from_field.nil? && !self[attr.migrate_from_field].nil?
+          return self[attr.migrate_from_field]
         end
 
         keyring = self.class.vault_keys
@@ -124,15 +128,21 @@ module AttrVault
   end
 
   class VaultAttr
-    attr_reader :name, :encrypted_field, :plaintext_source_field, :digest_field
+    attr_reader :name, :encrypted_field, :migrate_from_field,
+                :migrate_from_kind, :digest_field
 
     def initialize(name,
                    encrypted_field: "#{name}_encrypted",
-                   plaintext_source_field: nil,
+                   migrate_from_field: nil,
+                   migrate_from_kind: :plaintext,
                    digest_field: nil)
       @name = name
       @encrypted_field = encrypted_field.to_sym
-      @plaintext_source_field = plaintext_source_field.to_sym unless plaintext_source_field.nil?
+      @migrate_from_field = migrate_from_field.to_sym unless migrate_from_field.nil?
+      unless migrate_from_kind == :plaintext
+        raise ArgumentError, "Unknown migration kind: #{migrate_from_kind}"
+      end
+      @migrate_from_kind = migrate_from_kind
       @digest_field = digest_field.to_sym unless digest_field.nil?
     end
   end

data/spec/attr_vault_spec.rb

@@ -4,23 +4,19 @@ require 'json'
 describe AttrVault do
   context "with a single encrypted column" do
     let(:key_id)   { '80a8571b-dc8a-44da-9b89-caee87e41ce2' }
-    let(:key_data) {
-      [{
-        id: key_id,
-        value: 'aFJDXs+798G7wgS/nap21LXIpm/Rrr39jIVo2m/cdj8=',
-        created_at: Time.now }].to_json
-    }
-    let(:item)   {
-      # the let form can't be evaluated inside the class definition
-      # because Ruby scoping rules were written by H.P. Lovecraft, so
-      # we create a local here to work around that
+    let(:key_data) do
+      [ { id: key_id,
+          value: 'aFJDXs+798G7wgS/nap21LXIpm/Rrr39jIVo2m/cdj8=',
+          created_at: Time.now } ].to_json
+    end
+    let(:item) do
       k = key_data
       Class.new(Sequel::Model(:items)) do
         include AttrVault
         vault_keyring k
         vault_attr :secret
       end
-    }
+    end
 
     context "with a new object" do
       it "does not affect other attributes" do
@@ -133,13 +129,12 @@ describe AttrVault do
   end
 
   context "with multiple encrypted columns" do
-    let(:key_data) {
-      [{
-        id: '80a8571b-dc8a-44da-9b89-caee87e41ce2',
-        value: 'aFJDXs+798G7wgS/nap21LXIpm/Rrr39jIVo2m/cdj8=',
-        created_at: Time.now }].to_json
-    }
-    let(:item)   {
+    let(:key_data) do
+      [ { id: '80a8571b-dc8a-44da-9b89-caee87e41ce2',
+          value: 'aFJDXs+798G7wgS/nap21LXIpm/Rrr39jIVo2m/cdj8=',
+          created_at: Time.now } ].to_json
+    end
+    let(:item) do
       k = key_data
       Class.new(Sequel::Model(:items)) do
         include AttrVault
@@ -147,7 +142,7 @@ describe AttrVault do
         vault_attr :secret
         vault_attr :other
       end
-    }
+    end
 
     it "does not clobber other attributes" do
       secret1 = "superman is really mild-mannered reporter clark kent"
@@ -164,30 +159,20 @@ describe AttrVault do
 
   context "with items encrypted with an older key" do
     let(:key1_id)  { '80a8571b-dc8a-44da-9b89-caee87e41ce2' }
-    let(:key1)     {
-      {
-       id: key1_id,
-       value: 'aFJDXs+798G7wgS/nap21LXIpm/Rrr39jIVo2m/cdj8=',
-       created_at: Time.new(2014, 1, 1, 0, 0, 0)
-      }
-    }
-
+    let(:key1) do
+      { id: key1_id,
+        value: 'aFJDXs+798G7wgS/nap21LXIpm/Rrr39jIVo2m/cdj8=',
+        created_at: Time.new(2014, 1, 1, 0, 0, 0) }
+    end
     let(:key2_id)  { '0a85781b-d8ac-4a4d-89b9-acee874e1ec2' }
-    let(:key2)     {
-      {
-       id: key2_id,
-       value: 'hUL1orBBRckZOuSuptRXYMV9lx5Qp54zwFUVwpwTpdk=',
-       created_at: Time.new(2014, 2, 1, 0, 0, 0)
-      }
-    }
-    let(:partial_keyring) {
-      [key1].to_json
-    }
-
-    let(:full_keyring) {
-      [key1, key2].to_json
-    }
-    let(:item1) {
+    let(:key2) do
+      { id: key2_id,
+        value: 'hUL1orBBRckZOuSuptRXYMV9lx5Qp54zwFUVwpwTpdk=',
+        created_at: Time.new(2014, 2, 1, 0, 0, 0) }
+    end
+    let(:partial_keyring) { [key1].to_json }
+    let(:full_keyring)    { [key1, key2].to_json }
+    let(:item1) do
       k = partial_keyring
       Class.new(Sequel::Model(:items)) do
         include AttrVault
@@ -195,8 +180,8 @@ describe AttrVault do
         vault_attr :secret
         vault_attr :other
       end
-    }
-    let(:item2) {
+    end
+    let(:item2) do
       k = full_keyring
       Class.new(Sequel::Model(:items)) do
         include AttrVault
@@ -204,7 +189,7 @@ describe AttrVault do
         vault_attr :secret
         vault_attr :other
       end
-    }
+    end
 
     it "rewrites the items using the current key" do
       secret1 = 'mrs. doubtfire is really a man'
@@ -246,13 +231,12 @@ describe AttrVault do
 
   context "with plaintext source fields" do
     let(:key_id)   { '80a8571b-dc8a-44da-9b89-caee87e41ce2' }
-    let(:key_data) {
-      [{
-        id: key_id,
-        value: 'aFJDXs+798G7wgS/nap21LXIpm/Rrr39jIVo2m/cdj8=',
-        created_at: Time.now }].to_json
-    }
-    let(:item1) {
+    let(:key_data) do
+      [ { id: key_id,
+          value: 'aFJDXs+798G7wgS/nap21LXIpm/Rrr39jIVo2m/cdj8=',
+          created_at: Time.now } ].to_json
+    end
+    let(:item1) do
       k = key_data
       Class.new(Sequel::Model(:items)) do
         include AttrVault
@@ -260,16 +244,16 @@ describe AttrVault do
         vault_attr :secret
         vault_attr :other
       end
-    }
-    let(:item2) {
+    end
+    let(:item2) do
       k = key_data
       Class.new(Sequel::Model(:items)) do
         include AttrVault
         vault_keyring k
-        vault_attr :secret, plaintext_source_field: :not_secret
-        vault_attr :other, plaintext_source_field: :other_not_secret
+        vault_attr :secret, migrate_from_field: :not_secret
+        vault_attr :other, migrate_from_field: :other_not_secret
       end
-    }
+    end
 
     it "copies a plaintext field to an encrypted field when saving the object" do
       becomes_secret = 'the location of the lost continent of atlantis'
@@ -312,12 +296,11 @@ describe AttrVault do
   end
 
   context "with renamed database fields" do
-    let(:key_data) {
-      [{
-        id: '80a8571b-dc8a-44da-9b89-caee87e41ce2',
-        value: 'aFJDXs+798G7wgS/nap21LXIpm/Rrr39jIVo2m/cdj8=',
-        created_at: Time.now }].to_json
-    }
+    let(:key_data) do
+      [ { id: '80a8571b-dc8a-44da-9b89-caee87e41ce2',
+          value: 'aFJDXs+798G7wgS/nap21LXIpm/Rrr39jIVo2m/cdj8=',
+          created_at: Time.now } ].to_json
+    end
 
     it "supports renaming the encrypted field" do
       k = key_data
@@ -355,43 +338,58 @@ describe AttrVault do
 
   context "with a digest field" do
     let(:key_id)   { '80a8571b-dc8a-44da-9b89-caee87e41ce2' }
-    let(:key_data) {
-      [{
-        id: key_id,
-        value: 'aFJDXs+798G7wgS/nap21LXIpm/Rrr39jIVo2m/cdj8=',
-        created_at: Time.now }].to_json
-    }
-    let(:item)   {
-      # the let form can't be evaluated inside the class definition
-      # because Ruby scoping rules were written by H.P. Lovecraft, so
-      # we create a local here to work around that
-      k = key_data
+    let(:key) do
+      [ { id: key_id,
+          value: 'aFJDXs+798G7wgS/nap21LXIpm/Rrr39jIVo2m/cdj8=',
+          created_at: Time.now } ]
+    end
+    let(:item) do
+      k = key.to_json
       Class.new(Sequel::Model(:items)) do
         include AttrVault
         vault_keyring k
         vault_attr :secret, digest_field: :secret_digest
         vault_attr :other, digest_field: :other_digest
       end
-    }
+    end
+
+    def test_digest(key, data)
+      OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'),
+        key.first.fetch(:value), data)
+    end
 
-    it "records the sha1 of the plaintext value" do
+    def count_matching_digests(item_class, digest_field, secret)
+      item.where({digest_field => item_class.vault_digests(secret)}).count
+    end
+
+    it "records the hmac of the plaintext value" do
       secret = 'snape kills dumbledore'
       s = item.create(secret: secret)
-      expect(s.secret_digest).to eq(Digest::SHA1.hexdigest(secret))
+      expect(s.secret_digest).to eq(test_digest(key, secret))
+      expect(count_matching_digests(item, :secret_digest, secret)).to eq(1)
     end
 
     it "can record multiple digest fields" do
       secret = 'joffrey kills ned'
       other_secret = '"gomer pyle" lawrence kills himself'
       s = item.create(secret: secret, other: other_secret)
-      expect(s.secret_digest).to eq(Digest::SHA1.hexdigest(secret))
-      expect(s.other_digest).to eq(Digest::SHA1.hexdigest(other_secret))
+      expect(s.secret_digest).to eq(test_digest(key, secret))
+      expect(s.other_digest).to eq(test_digest(key, other_secret))
+
+      # Check vault_digests feature matching against the database.
+      expect(count_matching_digests(item, :secret_digest, secret)).to eq(1)
+      expect(count_matching_digests(item, :other_digest, other_secret)).to eq(1)
+
+      # Negative tests for mismatched digesting.
+      expect(count_matching_digests(item, :secret_digest, other_secret))
+        .to eq(0)
+      expect(count_matching_digests(item, :other_digest, secret)).to eq(0)
     end
 
     it "records the digest for an empty field" do
       s = item.create(secret: '', other: '')
-      expect(s.secret_digest).to eq(Digest::SHA1.hexdigest(''))
-      expect(s.other_digest).to eq(Digest::SHA1.hexdigest(''))
+      expect(s.secret_digest).to eq(test_digest(key, ''))
+      expect(s.other_digest).to eq(test_digest(key, ''))
     end
 
     it "records the digest of a nil field" do
@@ -401,3 +399,34 @@ describe AttrVault do
     end
   end
 end
+
+describe "stress test" do
+  let(:key_id)   { '80a8571b-dc8a-44da-9b89-caee87e41ce2' }
+  let(:key_data) do
+    [ { id: key_id,
+        value: 'aFJDXs+798G7wgS/nap21LXIpm/Rrr39jIVo2m/cdj8=',
+        created_at: Time.now } ].to_json
+  end
+  let(:item) do
+    k = key_data
+    Class.new(Sequel::Model(:items)) do
+      include AttrVault
+      vault_keyring k
+      vault_attr :secret
+    end
+  end
+
+  it "works" do
+    3.times.map do
+      Thread.new do
+        s = item.create(secret: 'that Commander Keen level in DOOM II')
+        1_000.times do
+          new_secret = [ nil, '', 36.times.map { (0..255).to_a.sample.chr }.join('') ].sample
+          s.update(secret: new_secret)
+          s.reload
+          expect(s.secret).to eq new_secret
+        end
+      end
+    end.map(&:join)
+  end
+end

data/spec/spec_helper.rb

@@ -20,9 +20,9 @@ conn.run <<-EOF
       key_id uuid,
       alt_key_id uuid,
       secret_encrypted bytea,
-      secret_digest text,
+      secret_digest bytea,
       other_encrypted bytea,
-      other_digest text,
+      other_digest bytea,
       not_secret text,
       other_not_secret text
     )

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: attr_vault
 version: !ruby/object:Gem::Version
-  version: 0.0.9
+  version: 0.1.1
 platform: ruby
 authors:
 - Maciek Sakrejda
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-12-22 00:00:00.000000000 Z
+date: 2015-09-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.18.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.18.3
 - !ruby/object:Gem::Dependency
   name: sequel
   requirement: !ruby/object:Gem::Requirement
@@ -59,9 +59,11 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".travis.yml"
 - Gemfile
 - Gemfile.lock
 - LICENSE
+- README.md
 - attr_vault.gemspec
 - lib/attr_vault.rb
 - lib/attr_vault/cryptor.rb
@@ -74,7 +76,7 @@ files:
 - spec/attr_vault/secret_spec.rb
 - spec/attr_vault_spec.rb
 - spec/spec_helper.rb
-homepage: https://github.com/deafbybeheading/attr_vault
+homepage: https://github.com/uhoh-itsmaciek/attr_vault
 licenses:
 - MIT
 metadata: {}
@@ -94,7 +96,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: Sequel plugin for encryption at rest