RubyGems - kms_attrs - Versions diffs - 0.0.1 - Mend

kms_attrs 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d39a653ef22ea6014157ef79f61eef65a94a8e9c
+  data.tar.gz: b20183569e6787f9fba5561daad0a39973c7ed39
+SHA512:
+  metadata.gz: 8e5176dd3b2f9e5469a7edd6fa6c14ada182511857876aa3f350171de3327a2c08ffb8dc20dc3e096f497376b695da3fb32a1b5672766aa7a1f74599cec6a116
+  data.tar.gz: 4556912f19423af534ae5dad63caadd1fff7810e89232573d281e7c0a0eb0cea0e173a18887ff4f233f50fdc2c16a6d4aad41c55c58db77057d6a71bf8ebfa44

data/lib/kms_attrs.rb ADDED Viewed

@@ -0,0 +1,163 @@
+module KmsAttrs
+  class << self
+    def included base
+      base.extend ClassMethods
+    end
+  end
+  module ClassMethods
+    def kms_attr(field, key_id:, retain: false, context_key: nil, context_value: nil)
+      include InstanceMethods
+      define_method "#{field}=" do |data|
+        key_id = set_key_id(key_id)
+        data_key = aws_generate_data_key(key_id, context_key, context_value)
+        encrypted = encrypt_attr(data, data_key.plaintext)
+        data_key.plaintext = nil
+        if retain
+          set_retained(field, data)
+        end
+        data = nil
+        store_hash(field, {
+          key: data_key.ciphertext_blob,
+          iv: encrypted[:iv],
+          blob: encrypted[:data]
+        })
+      end
+      define_method "#{field}" do
+        get_hash(field)
+      end
+      define_method "#{field}_d" do
+        hash = get_hash(field)
+        if hash
+          if retain && plaintext = get_retained(field)
+            plaintext
+          else
+            plaintext = decrypt_attr(
+              hash[:blob],
+              aws_decrypt_key(hash[:key], context_key, context_value),
+              hash[:iv]
+            )
+            if retain
+              set_retained(field, plaintext)
+            end
+            plaintext
+          end
+        else
+          nil
+        end
+      end
+    end
+  end
+  module InstanceMethods
+    def store_hash(field, data)
+      @_hashes ||= {}
+      b_data = Marshal.dump(data)
+      data64 = Base64.encode64(b_data)
+      @_hashes[field] = data64
+      self[field] = data64
+    end
+    def get_hash(field)
+      @_hashes ||= {}
+      hash = @_hashes[field] ||= read_attribute(field)
+      if hash
+        Marshal.load(Base64.decode64(hash))
+      else
+        nil
+      end
+    end
+    def get_retained(field)
+      @_retained ||= {}
+      @_retained[field]
+    end
+    def set_retained(field, plaintext)
+      @_retained ||= {}
+      @_retained[field] = plaintext
+    end
+    def decrypt_attr(data, key, iv)
+      decipher = OpenSSL::Cipher.new('AES-256-CBC')
+      decipher.decrypt
+      decipher.key = key
+      decipher.iv = iv
+      decipher.update(data) + decipher.final
+    end
+    def encrypt_attr(data, key)
+      cipher = OpenSSL::Cipher.new('AES-256-CBC')
+      cipher.encrypt
+      cipher.key = key
+      iv = cipher.random_iv
+      {iv: iv, data: cipher.update(data) + cipher.final}
+    end
+    def aws_decrypt_key(key, context_key, context_value)
+      args = {ciphertext_blob: key}
+      aws_kms.decrypt(apply_context(args, context_key, context_value)).plaintext
+    end
+    def aws_kms
+      @kms ||= Aws::KMS::Client.new(region: ENV['AWS_DEFAULT_REGION'])
+    end
+    def aws_generate_data_key(key_id, context_key, context_value)
+      args = {key_id: key_id, key_spec: 'AES_256'}
+      aws_kms.generate_data_key(apply_context(args, context_key, context_value))
+    end
+    def apply_context(args, key, value)
+      if key && value
+        if key.is_a?(Proc)
+          key = key.call
+        end
+        if value.is_a?(Proc)
+          value = value.call
+        end
+        if key.is_a?(Symbol)
+          key = self.send(key)
+        end
+        if value.is_a?(Symbol)
+          value = self.send(value)
+        end
+        if key.is_a?(String) && value.is_a?(String)
+          args[:encryption_context] = {key => value}
+        end
+      end
+      args
+    end
+    def set_key_id(key_id)
+      if key_id.is_a?(Proc)
+        key_id = key_id.call
+      end
+      if key_id.is_a?(Symbol)
+        key_id = self.send(key_id)
+      end
+      if key_id.is_a?(String)
+        return key_id
+      end
+    end
+  end
+end
+if Object.const_defined?('ActiveRecord')
+  ActiveRecord::Base.send(:include, KmsAttrs)
+end

metadata ADDED Viewed

@@ -0,0 +1,87 @@
+--- !ruby/object:Gem::Specification
+name: kms_attrs
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Justin Ouellette
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2015-06-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Quickly add KMS encryption and decryption to your ActiveRecord model
+  attributes.
+email: ouellette.justin@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/kms_attrs.rb
+homepage: https://github.com/justinoue/kms_attrs
+licenses:
+- GPLv3
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.3
+signing_key:
+specification_version: 4
+summary: AWS KMS encryption for ActiveRecord.
+test_files: []