encrypt_column 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.codeclimate.yml +25 -0
- data/README.md +25 -15
- data/encrypt_column.gemspec +1 -0
- data/lib/encrypt_column/decrypt.rb +3 -3
- data/lib/encrypt_column/encrypt.rb +3 -3
- data/lib/encrypt_column/encrypt_column.rb +6 -4
- data/lib/encrypt_column/hashed.rb +3 -3
- data/lib/encrypt_column/version.rb +1 -1
- metadata +18 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8dba9f82d1a78c5200ea0d4d117be9c24dbf8a5a
|
|
4
|
+
data.tar.gz: bb2b83cd4d87086511aa88f78aa1622bd77456bf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e97baf9e34fa2bad54e02e2bc0a055660ff1980f863c7910b5f29e5d5512b5cc358e7a6534c859e679677173311dff9fa861b551a8389b2108401eddc3d40dec
|
|
7
|
+
data.tar.gz: 9d6c490a1bbd22fec5d670d29667c146e8c4ce0c7620a22ee8f6fb96a5eaaadf5545a14f659efbbc9694ffc9dc5396f969e25d51844fe373fd71a60f17b9a542
|
data/.codeclimate.yml
ADDED
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
---
|
|
2
|
+
engines:
|
|
3
|
+
duplication:
|
|
4
|
+
enabled: true
|
|
5
|
+
config:
|
|
6
|
+
languages:
|
|
7
|
+
- ruby
|
|
8
|
+
- javascript
|
|
9
|
+
- python
|
|
10
|
+
- php
|
|
11
|
+
fixme:
|
|
12
|
+
enabled: true
|
|
13
|
+
rubocop:
|
|
14
|
+
enabled: true
|
|
15
|
+
ratings:
|
|
16
|
+
paths:
|
|
17
|
+
- "**.inc"
|
|
18
|
+
- "**.js"
|
|
19
|
+
- "**.jsx"
|
|
20
|
+
- "**.module"
|
|
21
|
+
- "**.php"
|
|
22
|
+
- "**.py"
|
|
23
|
+
- "**.rb"
|
|
24
|
+
exclude_paths:
|
|
25
|
+
- spec/
|
data/README.md
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
[](https://badge.fury.io/rb/encrypt_column)
|
|
2
|
+
[](https://travis-ci.org/danlherman/encrypt_column)
|
|
3
|
+
[](https://coveralls.io/github/danlherman/encrypt_column?branch=master)
|
|
4
|
+
[](https://codeclimate.com/github/danlherman/encrypt_column)
|
|
5
|
+
|
|
1
6
|
# EncryptColumn
|
|
2
7
|
|
|
3
8
|
Encrypt any column with an optional hash (using searchable: true) or conditionally (if: Proc)
|
|
@@ -5,6 +10,7 @@ also has a failsafe (failsafe: true) feature to write to different db column in
|
|
|
5
10
|
the database, i.e. `<name>_ciphertext`. This prevents users from accidentally
|
|
6
11
|
commenting out the encrypt declaration and writing plaintext to the database.
|
|
7
12
|
|
|
13
|
+
|
|
8
14
|
## Installation
|
|
9
15
|
|
|
10
16
|
Add this line to your application's Gemfile:
|
|
@@ -23,21 +29,7 @@ Or install it yourself as:
|
|
|
23
29
|
|
|
24
30
|
## Usage
|
|
25
31
|
|
|
26
|
-
|
|
27
|
-
```ruby
|
|
28
|
-
include EncryptColumn
|
|
29
|
-
```
|
|
30
|
-
|
|
31
|
-
The gem uses the ENCRYPTION_KEY environment variable for encryption setup:
|
|
32
|
-
```
|
|
33
|
-
ENV['ENCRYPTION_KEY'] = 'your_encryption_key_goes_here'
|
|
34
|
-
```
|
|
35
|
-
and optionally a HASH_SALT if the searchable option is used.
|
|
36
|
-
```
|
|
37
|
-
ENV['HASH_SALT'] = 'some_salt'
|
|
38
|
-
```
|
|
39
|
-
|
|
40
|
-
Then specify the column to be encrypted as so (i.e. encrypt ssn column):
|
|
32
|
+
Specify the column to be encrypted as so (i.e. encrypt ssn column):
|
|
41
33
|
```ruby
|
|
42
34
|
encrypt :ssn
|
|
43
35
|
```
|
|
@@ -66,6 +58,24 @@ Use all the options combined, like so:
|
|
|
66
58
|
encrypt :card_number, searchable: true, failsafe: true, if -> (x) { x.card_type == 'credit' }
|
|
67
59
|
```
|
|
68
60
|
|
|
61
|
+
The gem uses the ENCRYPTION_KEY environment variable for encryption setup:
|
|
62
|
+
```
|
|
63
|
+
ENV['ENCRYPTION_KEY'] = 'your_encryption_key_goes_here'
|
|
64
|
+
```
|
|
65
|
+
Alternatively, you can specify the encryption key as an option in the encrypt line:
|
|
66
|
+
```
|
|
67
|
+
encrypt :ssn, key: 'your_encryption_key_goes_here'
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
and optionally a HASH_SALT if the searchable option is used.
|
|
71
|
+
```
|
|
72
|
+
ENV['HASH_SALT'] = 'some_salt'
|
|
73
|
+
```
|
|
74
|
+
Or specify the hash salt in the encrypt line:
|
|
75
|
+
```
|
|
76
|
+
encrypt :ssn, :searchable, hash_salt: 'your_hash_salt_goes_here', key: 'your_encryption_key_goes_here'
|
|
77
|
+
```
|
|
78
|
+
|
|
69
79
|
|
|
70
80
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
|
71
81
|
|
data/encrypt_column.gemspec
CHANGED
|
@@ -24,6 +24,7 @@ Gem::Specification.new do |spec|
|
|
|
24
24
|
spec.add_development_dependency "sqlite3"
|
|
25
25
|
spec.add_development_dependency "pry"
|
|
26
26
|
spec.add_development_dependency "rubocop"
|
|
27
|
+
spec.add_development_dependency "coveralls"
|
|
27
28
|
|
|
28
29
|
spec.add_dependency "bcrypt", "~> 3.1"
|
|
29
30
|
spec.add_dependency "activerecord"
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
class Decrypt
|
|
2
|
-
def self.cipher(ciphertext)
|
|
3
|
-
raise 'Encryption Key Config Missing' unless
|
|
4
|
-
ActiveSupport::MessageEncryptor.new(
|
|
2
|
+
def self.cipher(ciphertext, key = ENV['ENCRYPTION_KEY'])
|
|
3
|
+
raise 'Encryption Key Config Missing' unless key.present?
|
|
4
|
+
ActiveSupport::MessageEncryptor.new(key).decrypt_and_verify(ciphertext)
|
|
5
5
|
rescue ActiveSupport::MessageVerifier::InvalidSignature
|
|
6
6
|
return ciphertext
|
|
7
7
|
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
class Encrypt
|
|
2
|
-
def self.text(plaintext)
|
|
3
|
-
return raise 'Missing Encryption Key Config' if
|
|
4
|
-
ActiveSupport::MessageEncryptor.new(
|
|
2
|
+
def self.text(plaintext, key = ENV['ENCRYPTION_KEY'])
|
|
3
|
+
return raise 'Missing Encryption Key Config' if key.nil?
|
|
4
|
+
ActiveSupport::MessageEncryptor.new(key).encrypt_and_sign(plaintext)
|
|
5
5
|
end
|
|
6
6
|
end
|
|
@@ -8,6 +8,8 @@ module ClassMethods
|
|
|
8
8
|
searchable = options[:searchable] || false
|
|
9
9
|
encrypt_cond = options[:if] || proc { true }
|
|
10
10
|
failsafe = options[:failsafe] || false
|
|
11
|
+
@@encrypt_column_key = options[:key] || ENV['ENCRYPTION_KEY']
|
|
12
|
+
@@hash_salt = options[:hash_salt] || ENV['HASH_SALT']
|
|
11
13
|
column = name
|
|
12
14
|
column = "#{name}_ciphertext" if failsafe
|
|
13
15
|
hash_column = "#{name}_hash"
|
|
@@ -15,19 +17,19 @@ module ClassMethods
|
|
|
15
17
|
# getter
|
|
16
18
|
define_method(name) do
|
|
17
19
|
return read_attribute(column) unless instance_eval(&encrypt_cond)
|
|
18
|
-
Decrypt.cipher(read_attribute(column))
|
|
20
|
+
Decrypt.cipher(read_attribute(column), @@encrypt_column_key)
|
|
19
21
|
end
|
|
20
22
|
|
|
21
23
|
# setter
|
|
22
24
|
define_method("#{name}=") do |value|
|
|
23
25
|
return write_attribute(column, value) unless instance_eval(&encrypt_cond)
|
|
24
|
-
write_attribute(column, Encrypt.text(value))
|
|
25
|
-
write_attribute(hash_column, Hashed.val(value)) if searchable
|
|
26
|
+
write_attribute(column, Encrypt.text(value, @@encrypt_column_key))
|
|
27
|
+
write_attribute(hash_column, Hashed.val(value, @@hash_salt)) if searchable
|
|
26
28
|
end
|
|
27
29
|
|
|
28
30
|
# search method when searchable specified
|
|
29
31
|
define_singleton_method("with_#{name}") do |value|
|
|
30
|
-
where(hash_column.to_sym => Hashed.val(value))
|
|
32
|
+
where(hash_column.to_sym => Hashed.val(value, @@hash_salt))
|
|
31
33
|
end if searchable
|
|
32
34
|
end
|
|
33
35
|
end
|
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
require 'digest'
|
|
2
2
|
|
|
3
3
|
class Hashed
|
|
4
|
-
def self.val(plaintext)
|
|
4
|
+
def self.val(plaintext, salt = ENV['HASH_SALT'])
|
|
5
5
|
return nil if plaintext.nil?
|
|
6
|
-
return raise 'Missing Hash Salt Config' if
|
|
7
|
-
Digest::SHA2.hexdigest(
|
|
6
|
+
return raise 'Missing Hash Salt Config' if salt.nil?
|
|
7
|
+
Digest::SHA2.hexdigest(salt + plaintext.to_s)
|
|
8
8
|
end
|
|
9
9
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: encrypt_column
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dan Herman
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-09-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -94,6 +94,20 @@ dependencies:
|
|
|
94
94
|
- - ">="
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
96
|
version: '0'
|
|
97
|
+
- !ruby/object:Gem::Dependency
|
|
98
|
+
name: coveralls
|
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
|
100
|
+
requirements:
|
|
101
|
+
- - ">="
|
|
102
|
+
- !ruby/object:Gem::Version
|
|
103
|
+
version: '0'
|
|
104
|
+
type: :development
|
|
105
|
+
prerelease: false
|
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
+
requirements:
|
|
108
|
+
- - ">="
|
|
109
|
+
- !ruby/object:Gem::Version
|
|
110
|
+
version: '0'
|
|
97
111
|
- !ruby/object:Gem::Dependency
|
|
98
112
|
name: bcrypt
|
|
99
113
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -143,6 +157,7 @@ executables: []
|
|
|
143
157
|
extensions: []
|
|
144
158
|
extra_rdoc_files: []
|
|
145
159
|
files:
|
|
160
|
+
- ".codeclimate.yml"
|
|
146
161
|
- ".gitignore"
|
|
147
162
|
- ".rspec"
|
|
148
163
|
- ".rubocop.yml"
|
|
@@ -180,7 +195,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
180
195
|
version: '0'
|
|
181
196
|
requirements: []
|
|
182
197
|
rubyforge_project:
|
|
183
|
-
rubygems_version: 2.
|
|
198
|
+
rubygems_version: 2.4.5
|
|
184
199
|
signing_key:
|
|
185
200
|
specification_version: 4
|
|
186
201
|
summary: Easily encrypt columns in your app conditionally and with hashed values for
|