RubyGems - kms_encrypted - Versions diffs - 1.3.0 → 1.5.0 - Mend

kms_encrypted 1.3.0 → 1.5.0

Files changed (9) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +9 -0
data/LICENSE.txt +1 -1
data/README.md +10 -12
data/lib/kms_encrypted/clients/vault.rb +1 -1
data/lib/kms_encrypted/model.rb +8 -2
data/lib/kms_encrypted/version.rb +1 -1
data/lib/kms_encrypted.rb +11 -11
metadata +6 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 67d1e3fb931f190e380e35875f1c6346025ebbdd101cdef33ed028d57f2e1b9d
-  data.tar.gz: fe2286f23847db1ee9314cd505fb00478574682a6edd9c7e754e2ce231926e4c
+  metadata.gz: c5e9d54c273ae3e76a7a1f7a531b72b06caf5e00379f38e0d163e26199a06e88
+  data.tar.gz: d52dfddfa8a212558a03a7471256f6eb9548f9d4f38c9cad94f4a3f9b83c8273
 SHA512:
-  metadata.gz: 9c651b9fad6d49d6ae4d2a6006ac34d65f7d0f2072446f7cb622c1f48c2c050fc7d70fc6baa0c8883fbe86e34c0ce4e0a00e1b6907d6577209b3389dd94cbced
-  data.tar.gz: 21eeadd0dbb9ed008ca9d2feb34bd43b5dee9c0527aa56b3a1a8a318535ef4707f3690acf504af6091837ec52a81abf1041e7166ef3a2a110cfa35824adebcde
+  metadata.gz: 44ed5968f5922182764a922e8c915850e720b9909959ff0194c0f0451bb544986ea278b21380da539b30b203d8779304e01c8d4b04f407e67e623999c8456b1e
+  data.tar.gz: 4cf8569a4bae315bf269ae16dfb145cb5bf90f8680eeab7b886be9e486281e09b6426529d7254da93e0adb0060eee4be9f8674bc15ba0730105d20c4c1cc7423

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,12 @@
+## 1.5.0 (2023-04-09)
+- Added support for attr_encrypted 4
+- Dropped support for Ruby < 3 and Rails < 6
+## 1.4.0 (2022-01-10)
+- Dropped support for Ruby < 2.6 and Rails < 5.2
 ## 1.3.0 (2021-10-10)
 - Added support for `google-cloud-kms` gem

data/LICENSE.txt CHANGED Viewed

@@ -1,4 +1,4 @@
-Copyright (c) 2017-2021 Andrew Kane
+Copyright (c) 2017-2023 Andrew Kane
 MIT License

data/README.md CHANGED Viewed

@@ -29,7 +29,7 @@ To decrypt an attribute, we first decrypt the data key with the KMS. Once we hav
 Add this line to your application’s Gemfile:
 ```ruby
-gem 'kms_encrypted'
+gem "kms_encrypted"
 ```
 And follow the instructions for your key management service:
@@ -43,7 +43,7 @@ And follow the instructions for your key management service:
 Add this line to your application’s Gemfile:
 ```ruby
-gem 'aws-sdk-kms'
+gem "aws-sdk-kms"
 ```
 Create an [Amazon Web Services](https://aws.amazon.com/) account if you don’t have one. KMS works great whether or not you run your infrastructure on AWS.
@@ -67,7 +67,7 @@ KMS_KEY_ID=alias/my-alias
 Add this line to your application’s Gemfile:
 ```ruby
-gem 'google-cloud-kms'
+gem "google-cloud-kms"
 ```
 Create a [Google Cloud Platform](https://cloud.google.com/) account if you don’t have one. KMS works great whether or not you run your infrastructure on GCP.
@@ -83,7 +83,7 @@ KMS_KEY_ID=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/
 Add this line to your application’s Gemfile:
 ```ruby
-gem 'vault'
+gem "vault"
 ```
 Enable the [transit](https://www.vaultproject.io/docs/secrets/transit/index.html) secrets engine
@@ -121,7 +121,7 @@ class User < ApplicationRecord
   has_kms_key
   # Lockbox fields
-  encrypts :email, key: :kms_key
+  has_encrypted :email, key: :kms_key
   # Lockbox files
   encrypts_attached :license, key: :kms_key
@@ -339,11 +339,9 @@ KmsEncrypted.key_id = Rails.env.test? ? "insecure-test-key" : ENV["KMS_KEY_ID"]
 Key management services allow you to rotate the master key without any code changes.
-AWS KMS supports [automatic key rotation](https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html).
-For Google Cloud, use the Google Cloud Console or API.
-For Vault, use:
+- For AWS KMS, you can use [automatic key rotation](https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
+- For Google Cloud, use the Google Cloud Console or API
+- For Vault, use:
 ```sh
 vault write -f transit/keys/my-key/rotate
@@ -431,8 +429,8 @@ class User < ApplicationRecord
   has_kms_key name: :phone, key_id: "..."
   # Lockbox
-  encrypts :email, key: :kms_key
-  encrypts :phone, key: :kms_key_phone
+  has_encrypted :email, key: :kms_key
+  has_encrypted :phone, key: :kms_key_phone
   # attr_encrypted
   attr_encrypted :email, key: :kms_key

data/lib/kms_encrypted/clients/vault.rb CHANGED Viewed

@@ -28,7 +28,7 @@ module KmsEncrypted
               options
             )
           rescue ::Vault::HTTPClientError => e
-            decryption_failed! if e.message.include?("unable to decrypt")
+            decryption_failed! if e.message.include?("unable to decrypt") || e.message.include?("message authentication failed")
             raise e
           rescue ::Vault::HTTPServerError => e
             decryption_failed! if e.message.include?("message authentication failed")

data/lib/kms_encrypted/model.rb CHANGED Viewed

@@ -122,8 +122,14 @@ module KmsEncrypted
           plaintext_attributes = {}
           # attr_encrypted
-          if self.class.respond_to?(:encrypted_attributes)
-            self.class.encrypted_attributes.each do |key, v|
+          encrypted_attributes_method =
+            if defined?(AttrEncrypted::Version::MAJOR) && AttrEncrypted::Version::MAJOR >= 4
+              :attr_encrypted_encrypted_attributes
+            else
+              :encrypted_attributes
+            end
+          if self.class.respond_to?(encrypted_attributes_method)
+            self.class.send(encrypted_attributes_method).to_a.each do |key, v|
               if v[:key] == key_method.to_sym
                 plaintext_attributes[key] = send(key)
               elsif v[:key].respond_to?(:call)

data/lib/kms_encrypted/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module KmsEncrypted
-  VERSION = "1.3.0"
+  VERSION = "1.5.0"
 end

data/lib/kms_encrypted.rb CHANGED Viewed

@@ -5,19 +5,19 @@ require "json"
 require "securerandom"
 # modules
-require "kms_encrypted/box"
-require "kms_encrypted/database"
-require "kms_encrypted/log_subscriber"
-require "kms_encrypted/model"
-require "kms_encrypted/version"
+require_relative "kms_encrypted/box"
+require_relative "kms_encrypted/database"
+require_relative "kms_encrypted/log_subscriber"
+require_relative "kms_encrypted/model"
+require_relative "kms_encrypted/version"
 # clients
-require "kms_encrypted/client"
-require "kms_encrypted/clients/base"
-require "kms_encrypted/clients/aws"
-require "kms_encrypted/clients/google"
-require "kms_encrypted/clients/test"
-require "kms_encrypted/clients/vault"
+require_relative "kms_encrypted/client"
+require_relative "kms_encrypted/clients/base"
+require_relative "kms_encrypted/clients/aws"
+require_relative "kms_encrypted/clients/google"
+require_relative "kms_encrypted/clients/test"
+require_relative "kms_encrypted/clients/vault"
 module KmsEncrypted
   class Error < StandardError; end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kms_encrypted
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.5.0
 platform: ruby
 authors:
 - Andrew Kane
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-10-10 00:00:00.000000000 Z
+date: 2023-04-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '6'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '6'
 description:
 email: andrew@ankane.org
 executables: []
@@ -57,14 +57,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.4'
+      version: '3'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.22
+rubygems_version: 3.4.10
 signing_key:
 specification_version: 4
 summary: Simple, secure key management for Lockbox and attr_encrypted