blind_index 1.0.2 → 2.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2f39918c983140363af00fe1afeda800a7476a5727fd2c676c713b92222c1f35
-  data.tar.gz: b83995b7b33eddacb2988e7fdb8816a1b2fc644161114b5e191f3d9bb2de2bd2
+  metadata.gz: 030c05f4653c350dbbfc5dd2f39727e44819c286865b27a18ac10c6e94fca449
+  data.tar.gz: f92d3e7d76a1b9ae65fe55bc1cf39e4a133dd633f2c620f0fa75dd0f35df8a55
 SHA512:
-  metadata.gz: b2d03f17acbac80b5ecf8ac1f97321f3c68b0c689db1e50d95cc81cb3769086a5d8da6f8f0386325555c8eb715d46555281e00af38804cd240cadbefa45e86a4
-  data.tar.gz: 59092061d3b415d399f1a20232d680591ccc832af79387945d23d9309062bf10a4b8105062ea277af2fa06b454cd75f9ad3d49a44dabac1a990e2856bc700849
+  metadata.gz: aa5d431804b50709280499845fd4609b0d576328c01a9be87f5d6cffeeb0a37d9fa10eba6a0f5fa33ccae83056bb939e25b85373839ba3d232f1488c88ce6d36
+  data.tar.gz: ddec86434f1b6908763d454a7fa67507bbb0b98bf30c0038b4331dae26d314c58c4a9312b3db1ffff087aa8a3162e8e30cc4082c60f8aadccb688e78d80c4934

data/CHANGELOG.md

@@ -1,3 +1,28 @@
+## 2.1.1 (2020-08-14)
+
+- Fixed `version` option
+
+## 2.1.0 (2020-07-06)
+
+- Improved performance of uniqueness validations
+- Fixed deprecation warnings in Ruby 2.7 with Mongoid
+
+## 2.0.2 (2020-06-01)
+
+- Improved error message for bad key length
+- Fixed `backfill` method with relations for Mongoid
+
+## 2.0.1 (2020-02-14)
+
+- Added `BlindIndex.backfill` method
+
+## 2.0.0 (2020-02-10)
+
+- Blind indexes are updated immediately instead of in a `before_validation` callback
+- Better Lockbox integration - no need to generate a separate key
+- The `argon2` gem has been replaced with `argon2-kdf` for less dependencies and Windows support
+- Removed deprecated `compute_email_bidx`
+
 ## 1.0.2 (2019-12-26)
 
 - Fixed `OpenSSL::KDF` error on some platforms

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2017-2019 Andrew Kane
+Copyright (c) 2017-2020 Andrew Kane
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -10,7 +10,7 @@ Learn more about [securing sensitive data in Rails](https://ankane.org/sensitive
 
 ## How It Works
 
-We use [this approach](https://paragonie.com/blog/2017/05/building-searchable-encrypted-databases-with-php-and-sql) by Scott Arciszewski. To summarize, we compute a keyed hash of the sensitive data and store it in a column. To query, we apply the keyed hash function to the value we’re searching and then perform a database search. This results in performant queries for exact matches. `LIKE` queries are not possible, but you can index expressions.
+We use [this approach](https://paragonie.com/blog/2017/05/building-searchable-encrypted-databases-with-php-and-sql) by Scott Arciszewski. To summarize, we compute a keyed hash of the sensitive data and store it in a column. To query, we apply the keyed hash function to the value we’re searching and then perform a database search. This results in performant queries for exact matches. Efficient `LIKE` queries are [not possible](#like-ilike-and-full-text-searching), but you can index expressions.
 
 ## Leakage
 
@@ -26,38 +26,14 @@ Add this line to your application’s Gemfile:
 gem 'blind_index'
 ```
 
-On Windows, also add:
+## Prep
 
-```ruby
-gem 'argon2', git: 'https://github.com/technion/ruby-argon2.git', submodules: true
-```
+Your model should already be set up with Lockbox or attr_encrypted. The examples are for a `User` model with `encrypts :email` or `attr_encrypted :email`. See the full examples for [Lockbox](https://ankane.org/securing-user-emails-lockbox) and [attr_encrypted](https://ankane.org/securing-user-emails-in-rails) if needed.
 
-Until `argon2 > 2.0.2` is released.
+Also, if you use attr_encrypted, [generate a key](#key-generation).
 
 ## Getting Started
 
-> Note: Your model should already be set up with Lockbox or attr_encrypted. The examples are for a `User` model with `encrypts :email` or `attr_encrypted :email`. See the full examples for [Lockbox](https://ankane.org/securing-user-emails-lockbox) and [attr_encrypted](https://ankane.org/securing-user-emails-in-rails) if needed.
-
-First, generate a key
-
-```ruby
-BlindIndex.generate_key
-```
-
-Store the key with your other secrets. This is typically Rails credentials or an environment variable ([dotenv](https://github.com/bkeepers/dotenv) is great for this). Be sure to use different keys in development and production. Keys don’t need to be hex-encoded, but it’s often easier to store them this way.
-
-Set the following environment variable with your key (you can use this one in development)
-
-```sh
-BLIND_INDEX_MASTER_KEY=ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
-```
-
-or create `config/initializers/blind_index.rb` with something like
-
-```ruby
-BlindIndex.master_key = Rails.application.credentials.blind_index_master_key
-```
-
 Create a migration to add a column for the blind index
 
 ```ruby
@@ -84,10 +60,7 @@ end
 Backfill existing records
 
 ```ruby
-User.unscoped.where(email_bidx: nil).find_each do |user|
-  user.compute_email_bidx
-  user.save(validate: false)
-end
+BlindIndex.backfill(User)
 ```
 
 And query away
@@ -96,9 +69,19 @@ And query away
 User.where(email: "test@example.org")
 ```
 
+## Expressions
+
+You can apply expressions to attributes before indexing and searching. This gives you the the ability to perform case-insensitive searches and more.
+
+```ruby
+class User < ApplicationRecord
+  blind_index :email, expression: ->(v) { v.downcase }
+end
+```
+
 ## Validations
 
-To prevent duplicates, use:
+You can use blind indexes for uniqueness validations.
 
 ```ruby
 class User < ApplicationRecord
@@ -106,15 +89,27 @@ class User < ApplicationRecord
 end
 ```
 
-We also recommend adding a unique index to the blind index column through a database migration.
+We recommend adding a unique index to the blind index column through a database migration.
 
-## Expressions
+```ruby
+add_index :users, :email_bidx, unique: true
+```
 
-You can apply expressions to attributes before indexing and searching. This gives you the the ability to perform case-insensitive searches and more.
+For `allow_blank: true`, use:
+
+```ruby
+class User < ApplicationRecord
+  blind_index :email, expression: ->(v) { v.presence }
+  validates :email, uniqueness: {allow_blank: true}
+end
+```
+
+For `case_sensitive: false`, use:
 
 ```ruby
 class User < ApplicationRecord
   blind_index :email, expression: ->(v) { v.downcase }
+  validates :email, uniqueness: true # for best performance, leave out {case_sensitive: false}
 end
 ```
 
@@ -139,10 +134,7 @@ end
 Backfill existing records
 
 ```ruby
-User.unscoped.where(email_ci_bidx: nil).find_each do |user|
-  user.compute_email_ci_bidx
-  user.save(validate: false)
-end
+BlindIndex.backfill(User, columns: [:email_ci_bidx])
 ```
 
 And query away
@@ -169,18 +161,34 @@ You can also use virtual attributes to index data from multiple columns:
 ```ruby
 class User < ApplicationRecord
   attribute :initials, :string
+  blind_index :initials
 
-  # must come before the blind_index method so it runs first
   before_validation :set_initials, if: -> { changes.key?(:first_name) || changes.key?(:last_name) }
 
-  blind_index :initials
-
   def set_initials
     self.initials = "#{first_name[0]}#{last_name[0]}"
   end
 end
 ```
 
+## Migrating Data
+
+If you’re encrypting a column and adding a blind index at the same time, use the `migrating` option.
+
+```ruby
+class User < ApplicationRecord
+  blind_index :email, migrating: true
+end
+```
+
+This allows you to backfill records while still querying the unencrypted field.
+
+```ruby
+BlindIndex.backfill(User)
+```
+
+Once that completes, you can remove the `migrating` option.
+
 ## Key Rotation
 
 To rotate keys without downtime, add a new column:
@@ -201,10 +209,7 @@ end
 This will keep the new column synced going forward. Next, backfill the data:
 
 ```ruby
-User.unscoped.where(email_bidx_v2: nil).find_each do |user|
-  user.compute_rotated_email_bidx
-  user.save(validate: false)
-end
+BlindIndex.backfill(User, columns: [:email_bidx_v2])
 ```
 
 Then update your model
@@ -260,6 +265,54 @@ class User
 end
 ```
 
+## Key Generation
+
+This is optional for Lockbox, as its master key is used by default.
+
+Generate a key with:
+
+```ruby
+BlindIndex.generate_key
+```
+
+Store the key with your other secrets. This is typically Rails credentials or an environment variable ([dotenv](https://github.com/bkeepers/dotenv) is great for this). Be sure to use different keys in development and production. Keys don’t need to be hex-encoded, but it’s often easier to store them this way.
+
+Set the following environment variable with your key (you can use this one in development)
+
+```sh
+BLIND_INDEX_MASTER_KEY=ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+```
+
+or create `config/initializers/blind_index.rb` with something like
+
+```ruby
+BlindIndex.master_key = Rails.application.credentials.blind_index_master_key
+```
+
+## LIKE, ILIKE, and Full-Text Searching
+
+Unfortunately, blind indexes can’t be used for `LIKE`, `ILIKE`, or full-text searching. Instead, records must be loaded, decrypted, and searched in memory.
+
+For `LIKE`, use:
+
+```ruby
+User.find { |u| u.email.include?("value") }
+```
+
+For `ILIKE`, use:
+
+```ruby
+User.find { |u| u.email =~ /value/i }
+```
+
+For full-text or fuzzy searching, use a gem like [FuzzyMatch](https://github.com/seamusabshere/fuzzy_match):
+
+```ruby
+FuzzyMatch.new(User.all, read: :email).find("value")
+```
+
+If the number of records is large, try to find a way to narrow it down. An [expression index](#expressions) is one way to do this, but leaks which records have the same value of the expression, so use it carefully.
+
 ## Reference
 
 Set default options in an initializer with:
@@ -301,6 +354,14 @@ One alternative to blind indexing is to use a deterministic encryption scheme, l
 
 ## Upgrading
 
+### 2.0.0
+
+2.0.0 brings a number of improvements.
+
+- Blind indexes are updated immediately instead of in a `before_validation` callback
+- Better Lockbox integration - no need to generate a separate key
+- There’s a new gem for Argon2 that has no dependencies and (officially) supports Windows
+
 ### 1.0.0
 
 1.0.0 brings a number of improvements. Here are a few to be aware of:
@@ -421,3 +482,5 @@ cd blind_index
 bundle install
 bundle exec rake test
 ```
+
+For security issues, send an email to the address on [this page](https://github.com/ankane).

data/lib/blind_index.rb

@@ -1,9 +1,10 @@
 # dependencies
 require "active_support"
 require "openssl"
-require "argon2"
+require "argon2/kdf"
 
 # modules
+require "blind_index/backfill"
 require "blind_index/key_generator"
 require "blind_index/model"
 require "blind_index/version"
@@ -18,7 +19,7 @@ module BlindIndex
   self.default_options = {}
 
   def self.master_key
-    @master_key ||= ENV["BLIND_INDEX_MASTER_KEY"]
+    @master_key ||= ENV["BLIND_INDEX_MASTER_KEY"] || (defined?(Lockbox.master_key) && Lockbox.master_key)
   end
 
   def self.generate_bidx(value, key:, **options)
@@ -64,7 +65,7 @@ module BlindIndex
           # use same bounds as rbnacl
           raise BlindIndex::Error, "m must be between 3 and 22" if m < 3 || m > 22
 
-          [Argon2::Engine.hash_argon2id(value, key, t, m, size)].pack("H*")
+          Argon2::KDF.argon2id(value, salt: key, t: t, m: m, p: 1, length: size)
         when :pbkdf2_sha256
           iterations = cost_options[:iterations] || options[:iterations] || (options[:slow] ? 100000 : 10000)
           OpenSSL::PKCS5.pbkdf2_hmac(value, key, iterations, size, "sha256")
@@ -78,7 +79,7 @@ module BlindIndex
           # use same bounds as rbnacl
           raise BlindIndex::Error, "m must be between 3 and 22" if m < 3 || m > 22
 
-          [Argon2::Engine.hash_argon2i(value, key, t, m, size)].pack("H*")
+          Argon2::KDF.argon2i(value, salt: key, t: t, m: m, p: 1, length: size)
         when :scrypt
           n = cost_options[:n] || 4096
           r = cost_options[:r] || 8
@@ -116,29 +117,28 @@ module BlindIndex
     key
   end
 
-  def self.decode_key(key)
+  def self.decode_key(key, name: "Key")
     # decode hex key
     if key.encoding != Encoding::BINARY && key =~ /\A[0-9a-f]{64}\z/i
       key = [key].pack("H*")
     end
 
-    raise BlindIndex::Error, "Key must use binary encoding" if key.encoding != Encoding::BINARY
-    raise BlindIndex::Error, "Key must be 32 bytes" if key.bytesize != 32
+    raise BlindIndex::Error, "#{name} must be 32 bytes (64 hex digits)" if key.bytesize != 32
+    raise BlindIndex::Error, "#{name} must use binary encoding" if key.encoding != Encoding::BINARY
 
     key
   end
+
+  def self.backfill(relation, columns: nil, batch_size: 1000)
+    Backfill.new(relation, columns: columns, batch_size: batch_size).perform
+  end
 end
 
 ActiveSupport.on_load(:active_record) do
   require "blind_index/extensions"
   extend BlindIndex::Model
 
-  if defined?(ActiveRecord::TableMetadata)
-    ActiveRecord::TableMetadata.prepend(BlindIndex::Extensions::TableMetadata)
-  else
-    ActiveRecord::PredicateBuilder.singleton_class.prepend(BlindIndex::Extensions::PredicateBuilder)
-  end
-
+  ActiveRecord::TableMetadata.prepend(BlindIndex::Extensions::TableMetadata)
   ActiveRecord::DynamicMatchers::Method.prepend(BlindIndex::Extensions::DynamicMatchers)
 
   unless ActiveRecord::VERSION::STRING.start_with?("5.1.")
@@ -146,12 +146,9 @@ ActiveSupport.on_load(:active_record) do
   end
 end
 
-if defined?(Mongoid)
-  # TODO find better ActiveModel hook
-  require "active_model/callbacks"
-  ActiveModel::Callbacks.include(BlindIndex::Model)
-
+ActiveSupport.on_load(:mongoid) do
   require "blind_index/mongoid"
+  Mongoid::Document::ClassMethods.include(BlindIndex::Model)
   Mongoid::Criteria.prepend(BlindIndex::Mongoid::Criteria)
   Mongoid::Validatable::UniquenessValidator.prepend(BlindIndex::Mongoid::UniquenessValidator)
 end

data/lib/blind_index/backfill.rb

@@ -0,0 +1,113 @@
+module BlindIndex
+  class Backfill
+    attr_reader :blind_indexes
+
+    def initialize(relation, batch_size:, columns:)
+      @relation = relation
+      @transaction = @relation.respond_to?(:transaction)
+      @batch_size = batch_size
+      @blind_indexes = @relation.blind_indexes
+      filter_columns!(columns) if columns
+    end
+
+    def perform
+      each_batch do |records|
+        backfill_records(records)
+      end
+    end
+
+    private
+
+    # modify in-place
+    def filter_columns!(columns)
+      columns = Array(columns).map(&:to_s)
+      blind_indexes.select! { |_, v| columns.include?(v[:bidx_attribute]) }
+      bad_columns = columns - blind_indexes.map { |_, v| v[:bidx_attribute] }
+      raise ArgumentError, "Bad column: #{bad_columns.first}" if bad_columns.any?
+    end
+
+    def build_relation
+      # build relation
+      relation = @relation
+
+      if defined?(ActiveRecord::Base) && relation.is_a?(ActiveRecord::Base)
+        relation = relation.unscoped
+      end
+
+      # convert from possible class to ActiveRecord::Relation or Mongoid::Criteria
+      relation = relation.all
+
+      attributes = blind_indexes.map { |_, v| v[:bidx_attribute] }
+
+      if defined?(ActiveRecord::Relation) && relation.is_a?(ActiveRecord::Relation)
+        base_relation = relation.unscoped
+        or_relation = relation.unscoped
+
+        attributes.each_with_index do |attribute, i|
+          or_relation =
+            if i == 0
+              base_relation.where(attribute => nil)
+            else
+              or_relation.or(base_relation.where(attribute => nil))
+            end
+        end
+
+        relation.merge(or_relation)
+      else
+        relation.merge(relation.unscoped.or(attributes.map { |a| {a => nil} }))
+      end
+    end
+
+    def each_batch
+      relation = build_relation
+
+      if relation.respond_to?(:find_in_batches)
+        relation.find_in_batches(batch_size: @batch_size) do |records|
+          yield records
+        end
+      else
+        # https://github.com/karmi/tire/blob/master/lib/tire/model/import.rb
+        # use cursor for Mongoid
+        records = []
+        relation.all.each do |record|
+          records << record
+          if records.length == @batch_size
+            yield records
+            records = []
+          end
+        end
+        yield records if records.any?
+      end
+    end
+
+    def backfill_records(records)
+      # do expensive blind index computation outside of transaction
+      records.each do |record|
+        blind_indexes.each do |k, v|
+          record.send("compute_#{k}_bidx") if !record.send(v[:bidx_attribute])
+        end
+      end
+
+      # don't need to save records that went from nil => nil
+      records.select! { |r| r.changed? }
+
+      if records.any?
+        with_transaction do
+          records.each do |record|
+            record.save!(validate: false)
+          end
+        end
+      end
+    end
+
+    def with_transaction
+      if @transaction
+        @relation.transaction do
+          yield
+        end
+      else
+        yield
+      end
+    end
+  end
+end

data/lib/blind_index/extensions.rb

@@ -1,6 +1,5 @@
 module BlindIndex
   module Extensions
-    # ActiveRecord 5.0+
     module TableMetadata
       def resolve_column_aliases(hash)
         new_hash = super
@@ -29,42 +28,19 @@ module BlindIndex
       end
     end
 
-    # ActiveRecord 4.2
-    module PredicateBuilder
-      def resolve_column_aliases(klass, hash)
-        new_hash = super
-        if has_blind_indexes?(klass)
-          hash.each do |key, _|
-            if key.respond_to?(:to_sym) && (bi = klass.blind_indexes[key.to_sym]) && !new_hash[key].is_a?(ActiveRecord::StatementCache::Substitute)
-              value = new_hash.delete(key)
-              new_hash[bi[:bidx_attribute]] =
-                if value.is_a?(Array)
-                  value.map { |v| BlindIndex.generate_bidx(v, bi) }
-                else
-                  BlindIndex.generate_bidx(value, bi)
-                end
-            end
-          end
-        end
-        new_hash
-      end
-
-      @@blind_index_cache = {}
-
-      # memoize for performance
-      def has_blind_indexes?(klass)
-        if @@blind_index_cache[klass].nil?
-          @@blind_index_cache[klass] = klass.respond_to?(:blind_indexes)
+    module UniquenessValidator
+      def validate_each(record, attribute, value)
+        klass = record.class
+        if klass.respond_to?(:blind_indexes) && (bi = klass.blind_indexes[attribute])
+          value = record.read_attribute_for_validation(bi[:bidx_attribute])
         end
-        @@blind_index_cache[klass]
+        super(record, attribute, value)
       end
-    end
 
-    module UniquenessValidator
+      # change attribute name here instead of validate_each for better error message
       if ActiveRecord::VERSION::STRING >= "5.2"
         def build_relation(klass, attribute, value)
           if klass.respond_to?(:blind_indexes) && (bi = klass.blind_indexes[attribute])
-            value = BlindIndex.generate_bidx(value, **bi)
             attribute = bi[:bidx_attribute]
           end
           super(klass, attribute, value)
@@ -72,7 +48,6 @@ module BlindIndex
       else
         def build_relation(klass, table, attribute, value)
           if klass.respond_to?(:blind_indexes) && (bi = klass.blind_indexes[attribute])
-            value = BlindIndex.generate_bidx(value, **bi)
             attribute = bi[:bidx_attribute]
           end
           super(klass, table, attribute, value)

data/lib/blind_index/key_generator.rb

@@ -11,7 +11,7 @@ module BlindIndex
       raise ArgumentError, "Missing field for key generation" if bidx_attribute.to_s.empty?
 
       c = "\x7E"*32
-      root_key = hkdf(BlindIndex.decode_key(@master_key), salt: table.to_s, info: "#{c}#{bidx_attribute}", length: 32, hash: "sha384")
+      root_key = hkdf(BlindIndex.decode_key(@master_key, name: "Master key"), salt: table.to_s, info: "#{c}#{bidx_attribute}", length: 32, hash: "sha384")
       hash_hmac("sha256", pack([table, bidx_attribute, bidx_attribute]), root_key)
     end
 

data/lib/blind_index/model.rb

@@ -10,7 +10,7 @@ module BlindIndex
         # check here so we validate rotate options as well
         unknown_keywords = options.keys - [:algorithm, :attribute, :bidx_attribute,
           :callback, :cost, :encode, :expression, :insecure_key, :iterations, :key,
-          :legacy, :master_key, :size, :slow]
+          :legacy, :master_key, :size, :slow, :version]
         raise ArgumentError, "unknown keywords: #{unknown_keywords.join(", ")}" if unknown_keywords.any?
 
         attribute = options[:attribute] || name
@@ -64,25 +64,30 @@ module BlindIndex
             BlindIndex.generate_bidx(value, **blind_indexes[name])
           end
 
-          define_singleton_method method_name do |value|
-            ActiveSupport::Deprecation.warn("Use #{class_method_name} instead")
-            send(class_method_name, value)
-          end
-
           define_method method_name do
-            self.send("#{bidx_attribute}=", self.class.send(class_method_name, send(attribute)))
+            send("#{bidx_attribute}=", self.class.send(class_method_name, send(attribute)))
           end
 
           if callback
-            if defined?(ActiveRecord) && self < ActiveRecord::Base
-              # Active Record
-              # prevent deprecation warnings
-              before_validation method_name, if: -> { changes.key?(attribute.to_s) }
-            else
-              # Mongoid
-              # Lockbox only supports attribute_changed?
-              before_validation method_name, if: -> { send("#{attribute}_changed?") }
+            activerecord = defined?(ActiveRecord) && self < ActiveRecord::Base
+
+            # TODO reuse module
+            m = Module.new do
+              define_method "#{attribute}=" do |value|
+                result = super(value)
+                send(method_name)
+                result
+              end
+
+              unless activerecord
+                define_method "reset_#{attribute}!" do
+                  result = super()
+                  send(method_name)
+                  result
+                end
+              end
             end
+            prepend m
           end
 
           # use include so user can override

data/lib/blind_index/mongoid.rb

@@ -26,9 +26,9 @@ module BlindIndex
 
               criterion[bidx_key] =
                 if value.is_a?(Array)
-                  value.map { |v| BlindIndex.generate_bidx(v, bi) }
+                  value.map { |v| BlindIndex.generate_bidx(v, **bi) }
                 else
-                  BlindIndex.generate_bidx(value, bi)
+                  BlindIndex.generate_bidx(value, **bi)
                 end
             end
           end
@@ -39,9 +39,18 @@ module BlindIndex
     end
 
     module UniquenessValidator
+      def validate_each(record, attribute, value)
+        klass = record.class
+        if klass.respond_to?(:blind_indexes) && (bi = klass.blind_indexes[attribute])
+          value = record.read_attribute_for_validation(bi[:bidx_attribute])
+        end
+        super(record, attribute, value)
+      end
+
+      # change attribute name here instead of validate_each for better error message
       def create_criteria(base, document, attribute, value)
-        if base.respond_to?(:blind_indexes) && (bi = base.blind_indexes[attribute])
-          value = BlindIndex.generate_bidx(value, bi)
+        klass = document.class
+        if klass.respond_to?(:blind_indexes) && (bi = klass.blind_indexes[attribute])
           attribute = bi[:bidx_attribute]
         end
         super(base, document, attribute, value)

data/lib/blind_index/version.rb

@@ -1,3 +1,3 @@
 module BlindIndex
-  VERSION = "1.0.2"
+  VERSION = "2.1.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: blind_index
 version: !ruby/object:Gem::Version
-  version: 1.0.2
+  version: 2.1.1
 platform: ruby
 authors:
 - Andrew Kane
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-12-27 00:00:00.000000000 Z
+date: 2020-08-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -25,19 +25,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '5'
 - !ruby/object:Gem::Dependency
-  name: argon2
+  name: argon2-kdf
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '2'
+        version: 0.1.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '2'
+        version: 0.1.1
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -174,6 +174,7 @@ files:
 - LICENSE.txt
 - README.md
 - lib/blind_index.rb
+- lib/blind_index/backfill.rb
 - lib/blind_index/extensions.rb
 - lib/blind_index/key_generator.rb
 - lib/blind_index/model.rb