kms_encrypted 0.1.1 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +6 -6
- data/lib/kms_encrypted.rb +2 -1
- data/lib/kms_encrypted/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4319f0f40f5294c89119d36ebaba64696eb9abeb
|
|
4
|
+
data.tar.gz: 46933afe998badcf3b95814e0d9c1144f432d822
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2ca6b3da8040d329ee3a4bac21e0a06e82c9c423fed259e62508dd92332196eac46034d3803760baffc3c312a7618594fd1c0caefe7b25ebc8b57305e176501d
|
|
7
|
+
data.tar.gz: 56520a00ea21504b321e6e93f8f43283cd37a1b75d84661cb4e2a85d2ead8dda11062eb307bb8b4258c26ebdc3b0fcad017d335e9e9471314e0f393e69632f50
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -33,7 +33,7 @@ Add a column to store encrypted KMS data keys
|
|
|
33
33
|
add_column :users, :encrypted_kms_key, :string
|
|
34
34
|
```
|
|
35
35
|
|
|
36
|
-
Create a [KMS master key](https://console.aws.amazon.com/iam/home#/encryptionKeys) and set it in your environment (
|
|
36
|
+
Create a [KMS master key](https://console.aws.amazon.com/iam/home#/encryptionKeys) and set it in your environment ([dotenv](https://github.com/bkeepers/dotenv) is great for this)
|
|
37
37
|
|
|
38
38
|
```sh
|
|
39
39
|
KMS_KEY_ID=arn:aws:kms:...
|
|
@@ -43,7 +43,7 @@ And update your model
|
|
|
43
43
|
|
|
44
44
|
```ruby
|
|
45
45
|
class User < ApplicationRecord
|
|
46
|
-
has_kms_key
|
|
46
|
+
has_kms_key
|
|
47
47
|
|
|
48
48
|
attr_encrypted :email, key: :kms_key
|
|
49
49
|
end
|
|
@@ -78,7 +78,7 @@ class User < ApplicationRecord
|
|
|
78
78
|
end
|
|
79
79
|
```
|
|
80
80
|
|
|
81
|
-
|
|
81
|
+
[Amazon Athena](https://aws.amazon.com/athena/) is great for querying CloudTrail logs. Create a table (thanks to [this post](http://www.1strategy.com/blog/2017/07/25/auditing-aws-activity-with-cloudtrail-and-athena/) for the table structure) with:
|
|
82
82
|
|
|
83
83
|
```sql
|
|
84
84
|
CREATE EXTERNAL TABLE cloudtrail_logs (
|
|
@@ -159,7 +159,7 @@ KMS_KEY_ID=arn:aws:kms:...
|
|
|
159
159
|
|
|
160
160
|
and run
|
|
161
161
|
|
|
162
|
-
```
|
|
162
|
+
```ruby
|
|
163
163
|
User.find_each do |user|
|
|
164
164
|
user.rotate_kms_key!
|
|
165
165
|
end
|
|
@@ -179,8 +179,8 @@ And update your model
|
|
|
179
179
|
|
|
180
180
|
```ruby
|
|
181
181
|
class User < ApplicationRecord
|
|
182
|
-
has_kms_key
|
|
183
|
-
has_kms_key
|
|
182
|
+
has_kms_key
|
|
183
|
+
has_kms_key name: :phone, key_id: "..."
|
|
184
184
|
|
|
185
185
|
attr_encrypted :email, key: :kms_key
|
|
186
186
|
attr_encrypted :phone, key: :kms_key_phone
|
data/lib/kms_encrypted.rb
CHANGED
|
@@ -8,7 +8,8 @@ module KmsEncrypted
|
|
|
8
8
|
end
|
|
9
9
|
|
|
10
10
|
module Model
|
|
11
|
-
def has_kms_key(
|
|
11
|
+
def has_kms_key(legacy_key_id = nil, name: nil, key_id: nil)
|
|
12
|
+
key_id ||= legacy_key_id || ENV["KMS_KEY_ID"]
|
|
12
13
|
raise ArgumentError, "Missing key id" unless key_id
|
|
13
14
|
|
|
14
15
|
key_method = name ? "kms_key_#{name}" : "kms_key"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: kms_encrypted
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Kane
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-09-
|
|
11
|
+
date: 2017-09-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-kms
|