encrypt_column 0.1.1 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.codeclimate.yml +25 -0
- data/README.md +25 -15
- data/encrypt_column.gemspec +1 -0
- data/lib/encrypt_column/decrypt.rb +3 -3
- data/lib/encrypt_column/encrypt.rb +3 -3
- data/lib/encrypt_column/encrypt_column.rb +6 -4
- data/lib/encrypt_column/hashed.rb +3 -3
- data/lib/encrypt_column/version.rb +1 -1
- metadata +18 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8dba9f82d1a78c5200ea0d4d117be9c24dbf8a5a
|
|
4
|
+
data.tar.gz: bb2b83cd4d87086511aa88f78aa1622bd77456bf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e97baf9e34fa2bad54e02e2bc0a055660ff1980f863c7910b5f29e5d5512b5cc358e7a6534c859e679677173311dff9fa861b551a8389b2108401eddc3d40dec
|
|
7
|
+
data.tar.gz: 9d6c490a1bbd22fec5d670d29667c146e8c4ce0c7620a22ee8f6fb96a5eaaadf5545a14f659efbbc9694ffc9dc5396f969e25d51844fe373fd71a60f17b9a542
|
data/.codeclimate.yml
ADDED
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
---
|
|
2
|
+
engines:
|
|
3
|
+
duplication:
|
|
4
|
+
enabled: true
|
|
5
|
+
config:
|
|
6
|
+
languages:
|
|
7
|
+
- ruby
|
|
8
|
+
- javascript
|
|
9
|
+
- python
|
|
10
|
+
- php
|
|
11
|
+
fixme:
|
|
12
|
+
enabled: true
|
|
13
|
+
rubocop:
|
|
14
|
+
enabled: true
|
|
15
|
+
ratings:
|
|
16
|
+
paths:
|
|
17
|
+
- "**.inc"
|
|
18
|
+
- "**.js"
|
|
19
|
+
- "**.jsx"
|
|
20
|
+
- "**.module"
|
|
21
|
+
- "**.php"
|
|
22
|
+
- "**.py"
|
|
23
|
+
- "**.rb"
|
|
24
|
+
exclude_paths:
|
|
25
|
+
- spec/
|
data/README.md
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
[](https://badge.fury.io/rb/encrypt_column)
|
|
2
|
+
[](https://travis-ci.org/danlherman/encrypt_column)
|
|
3
|
+
[](https://coveralls.io/github/danlherman/encrypt_column?branch=master)
|
|
4
|
+
[](https://codeclimate.com/github/danlherman/encrypt_column)
|
|
5
|
+
|
|
1
6
|
# EncryptColumn
|
|
2
7
|
|
|
3
8
|
Encrypt any column with an optional hash (using searchable: true) or conditionally (if: Proc)
|
|
@@ -5,6 +10,7 @@ also has a failsafe (failsafe: true) feature to write to different db column in
|
|
|
5
10
|
the database, i.e. `<name>_ciphertext`. This prevents users from accidentally
|
|
6
11
|
commenting out the encrypt declaration and writing plaintext to the database.
|
|
7
12
|
|
|
13
|
+
|
|
8
14
|
## Installation
|
|
9
15
|
|
|
10
16
|
Add this line to your application's Gemfile:
|
|
@@ -23,21 +29,7 @@ Or install it yourself as:
|
|
|
23
29
|
|
|
24
30
|
## Usage
|
|
25
31
|
|
|
26
|
-
|
|
27
|
-
```ruby
|
|
28
|
-
include EncryptColumn
|
|
29
|
-
```
|
|
30
|
-
|
|
31
|
-
The gem uses the ENCRYPTION_KEY environment variable for encryption setup:
|
|
32
|
-
```
|
|
33
|
-
ENV['ENCRYPTION_KEY'] = 'your_encryption_key_goes_here'
|
|
34
|
-
```
|
|
35
|
-
and optionally a HASH_SALT if the searchable option is used.
|
|
36
|
-
```
|
|
37
|
-
ENV['HASH_SALT'] = 'some_salt'
|
|
38
|
-
```
|
|
39
|
-
|
|
40
|
-
Then specify the column to be encrypted as so (i.e. encrypt ssn column):
|
|
32
|
+
Specify the column to be encrypted as so (i.e. encrypt ssn column):
|
|
41
33
|
```ruby
|
|
42
34
|
encrypt :ssn
|
|
43
35
|
```
|
|
@@ -66,6 +58,24 @@ Use all the options combined, like so:
|
|
|
66
58
|
encrypt :card_number, searchable: true, failsafe: true, if -> (x) { x.card_type == 'credit' }
|
|
67
59
|
```
|
|
68
60
|
|
|
61
|
+
The gem uses the ENCRYPTION_KEY environment variable for encryption setup:
|
|
62
|
+
```
|
|
63
|
+
ENV['ENCRYPTION_KEY'] = 'your_encryption_key_goes_here'
|
|
64
|
+
```
|
|
65
|
+
Alternatively, you can specify the encryption key as an option in the encrypt line:
|
|
66
|
+
```
|
|
67
|
+
encrypt :ssn, key: 'your_encryption_key_goes_here'
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
and optionally a HASH_SALT if the searchable option is used.
|
|
71
|
+
```
|
|
72
|
+
ENV['HASH_SALT'] = 'some_salt'
|
|
73
|
+
```
|
|
74
|
+
Or specify the hash salt in the encrypt line:
|
|
75
|
+
```
|
|
76
|
+
encrypt :ssn, :searchable, hash_salt: 'your_hash_salt_goes_here', key: 'your_encryption_key_goes_here'
|
|
77
|
+
```
|
|
78
|
+
|
|
69
79
|
|
|
70
80
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
|
71
81
|
|
data/encrypt_column.gemspec
CHANGED
|
@@ -24,6 +24,7 @@ Gem::Specification.new do |spec|
|
|
|
24
24
|
spec.add_development_dependency "sqlite3"
|
|
25
25
|
spec.add_development_dependency "pry"
|
|
26
26
|
spec.add_development_dependency "rubocop"
|
|
27
|
+
spec.add_development_dependency "coveralls"
|
|
27
28
|
|
|
28
29
|
spec.add_dependency "bcrypt", "~> 3.1"
|
|
29
30
|
spec.add_dependency "activerecord"
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
class Decrypt
|
|
2
|
-
def self.cipher(ciphertext)
|
|
3
|
-
raise 'Encryption Key Config Missing' unless
|
|
4
|
-
ActiveSupport::MessageEncryptor.new(
|
|
2
|
+
def self.cipher(ciphertext, key = ENV['ENCRYPTION_KEY'])
|
|
3
|
+
raise 'Encryption Key Config Missing' unless key.present?
|
|
4
|
+
ActiveSupport::MessageEncryptor.new(key).decrypt_and_verify(ciphertext)
|
|
5
5
|
rescue ActiveSupport::MessageVerifier::InvalidSignature
|
|
6
6
|
return ciphertext
|
|
7
7
|
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
class Encrypt
|
|
2
|
-
def self.text(plaintext)
|
|
3
|
-
return raise 'Missing Encryption Key Config' if
|
|
4
|
-
ActiveSupport::MessageEncryptor.new(
|
|
2
|
+
def self.text(plaintext, key = ENV['ENCRYPTION_KEY'])
|
|
3
|
+
return raise 'Missing Encryption Key Config' if key.nil?
|
|
4
|
+
ActiveSupport::MessageEncryptor.new(key).encrypt_and_sign(plaintext)
|
|
5
5
|
end
|
|
6
6
|
end
|
|
@@ -8,6 +8,8 @@ module ClassMethods
|
|
|
8
8
|
searchable = options[:searchable] || false
|
|
9
9
|
encrypt_cond = options[:if] || proc { true }
|
|
10
10
|
failsafe = options[:failsafe] || false
|
|
11
|
+
@@encrypt_column_key = options[:key] || ENV['ENCRYPTION_KEY']
|
|
12
|
+
@@hash_salt = options[:hash_salt] || ENV['HASH_SALT']
|
|
11
13
|
column = name
|
|
12
14
|
column = "#{name}_ciphertext" if failsafe
|
|
13
15
|
hash_column = "#{name}_hash"
|
|
@@ -15,19 +17,19 @@ module ClassMethods
|
|
|
15
17
|
# getter
|
|
16
18
|
define_method(name) do
|
|
17
19
|
return read_attribute(column) unless instance_eval(&encrypt_cond)
|
|
18
|
-
Decrypt.cipher(read_attribute(column))
|
|
20
|
+
Decrypt.cipher(read_attribute(column), @@encrypt_column_key)
|
|
19
21
|
end
|
|
20
22
|
|
|
21
23
|
# setter
|
|
22
24
|
define_method("#{name}=") do |value|
|
|
23
25
|
return write_attribute(column, value) unless instance_eval(&encrypt_cond)
|
|
24
|
-
write_attribute(column, Encrypt.text(value))
|
|
25
|
-
write_attribute(hash_column, Hashed.val(value)) if searchable
|
|
26
|
+
write_attribute(column, Encrypt.text(value, @@encrypt_column_key))
|
|
27
|
+
write_attribute(hash_column, Hashed.val(value, @@hash_salt)) if searchable
|
|
26
28
|
end
|
|
27
29
|
|
|
28
30
|
# search method when searchable specified
|
|
29
31
|
define_singleton_method("with_#{name}") do |value|
|
|
30
|
-
where(hash_column.to_sym => Hashed.val(value))
|
|
32
|
+
where(hash_column.to_sym => Hashed.val(value, @@hash_salt))
|
|
31
33
|
end if searchable
|
|
32
34
|
end
|
|
33
35
|
end
|
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
require 'digest'
|
|
2
2
|
|
|
3
3
|
class Hashed
|
|
4
|
-
def self.val(plaintext)
|
|
4
|
+
def self.val(plaintext, salt = ENV['HASH_SALT'])
|
|
5
5
|
return nil if plaintext.nil?
|
|
6
|
-
return raise 'Missing Hash Salt Config' if
|
|
7
|
-
Digest::SHA2.hexdigest(
|
|
6
|
+
return raise 'Missing Hash Salt Config' if salt.nil?
|
|
7
|
+
Digest::SHA2.hexdigest(salt + plaintext.to_s)
|
|
8
8
|
end
|
|
9
9
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: encrypt_column
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dan Herman
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-09-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -94,6 +94,20 @@ dependencies:
|
|
|
94
94
|
- - ">="
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
96
|
version: '0'
|
|
97
|
+
- !ruby/object:Gem::Dependency
|
|
98
|
+
name: coveralls
|
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
|
100
|
+
requirements:
|
|
101
|
+
- - ">="
|
|
102
|
+
- !ruby/object:Gem::Version
|
|
103
|
+
version: '0'
|
|
104
|
+
type: :development
|
|
105
|
+
prerelease: false
|
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
+
requirements:
|
|
108
|
+
- - ">="
|
|
109
|
+
- !ruby/object:Gem::Version
|
|
110
|
+
version: '0'
|
|
97
111
|
- !ruby/object:Gem::Dependency
|
|
98
112
|
name: bcrypt
|
|
99
113
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -143,6 +157,7 @@ executables: []
|
|
|
143
157
|
extensions: []
|
|
144
158
|
extra_rdoc_files: []
|
|
145
159
|
files:
|
|
160
|
+
- ".codeclimate.yml"
|
|
146
161
|
- ".gitignore"
|
|
147
162
|
- ".rspec"
|
|
148
163
|
- ".rubocop.yml"
|
|
@@ -180,7 +195,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
180
195
|
version: '0'
|
|
181
196
|
requirements: []
|
|
182
197
|
rubyforge_project:
|
|
183
|
-
rubygems_version: 2.
|
|
198
|
+
rubygems_version: 2.4.5
|
|
184
199
|
signing_key:
|
|
185
200
|
specification_version: 4
|
|
186
201
|
summary: Easily encrypt columns in your app conditionally and with hashed values for
|