kms_encrypted 1.5.1 → 1.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/LICENSE.txt +1 -1
- data/README.md +1 -29
- data/lib/kms_encrypted/model.rb +6 -2
- data/lib/kms_encrypted/version.rb +1 -1
- metadata +20 -10
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b4755c4aff4e6bf830d6adb1fb1e81588b5c862de45ab4c72c43f2b95e9c6917
|
|
4
|
+
data.tar.gz: dea7d38ed29b406a44f4e92d9a8059e1e517f6a36877718d7b7960a0aa4aedb2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e8c5e7b8f0cbd544bd00dc1a786c391943fb41fbcc4ed454711b240e7abd365004170ced0b7dfe5604d16852482b6a72472aac16f32dbe5c070f4a5d864fa5be
|
|
7
|
+
data.tar.gz: ff7e871de0c9ad6738a6d126991c38679916f17770d88c1132f5a6a3381db1e8db80f40c032cf00ea2b040692cdc64d29d45c08793e747a639ec939caf240b9e
|
data/CHANGELOG.md
CHANGED
data/LICENSE.txt
CHANGED
data/README.md
CHANGED
|
@@ -14,7 +14,7 @@ Supports [AWS KMS](https://aws.amazon.com/kms/), [Google Cloud KMS](https://clou
|
|
|
14
14
|
|
|
15
15
|
Check out [this post](https://ankane.org/sensitive-data-rails) for more info on securing sensitive data with Rails
|
|
16
16
|
|
|
17
|
-
[](https://github.com/ankane/kms_encrypted/actions)
|
|
18
18
|
|
|
19
19
|
## How It Works
|
|
20
20
|
|
|
@@ -480,34 +480,6 @@ kms.decrypt(ciphertext, context: {model_name: "User", model_id: 123})
|
|
|
480
480
|
|
|
481
481
|
To securely search encrypted data, check out [Blind Index](https://github.com/ankane/blind_index).
|
|
482
482
|
|
|
483
|
-
## Upgrading
|
|
484
|
-
|
|
485
|
-
### 1.0
|
|
486
|
-
|
|
487
|
-
KMS Encrypted 1.0 brings a number of improvements. Here are a few breaking changes to be aware of:
|
|
488
|
-
|
|
489
|
-
- There’s now a default encryption context with the model name and id
|
|
490
|
-
- ActiveSupport notifications were changed from `generate_data_key` and `decrypt_data_key` to `encrypt` and `decrypt`
|
|
491
|
-
- AWS KMS uses the `Encrypt` operation instead of `GenerateDataKey`
|
|
492
|
-
|
|
493
|
-
If you didn’t previously use encryption context, add the `upgrade_context` option to your models:
|
|
494
|
-
|
|
495
|
-
```ruby
|
|
496
|
-
class User < ApplicationRecord
|
|
497
|
-
has_kms_key upgrade_context: true
|
|
498
|
-
end
|
|
499
|
-
```
|
|
500
|
-
|
|
501
|
-
Then run:
|
|
502
|
-
|
|
503
|
-
```ruby
|
|
504
|
-
User.where("encrypted_kms_key NOT LIKE 'v1:%'").find_each do |user|
|
|
505
|
-
user.rotate_kms_key!
|
|
506
|
-
end
|
|
507
|
-
```
|
|
508
|
-
|
|
509
|
-
And remove the `upgrade_context` option.
|
|
510
|
-
|
|
511
483
|
## History
|
|
512
484
|
|
|
513
485
|
View the [changelog](CHANGELOG.md)
|
data/lib/kms_encrypted/model.rb
CHANGED
|
@@ -81,8 +81,12 @@ module KmsEncrypted
|
|
|
81
81
|
key = SecureRandom.random_bytes(32)
|
|
82
82
|
|
|
83
83
|
if eager_encrypt == :fetch_id
|
|
84
|
-
|
|
85
|
-
|
|
84
|
+
unless self.class.connection_db_config.adapter.to_s.match?(/postg/i)
|
|
85
|
+
raise ArgumentError, ":fetch_id only works with Postgres"
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
sequence_name = self.class.sequence_name
|
|
89
|
+
self.id ||= self.class.connection_pool.with_connection { |c| c.execute("select nextval('#{sequence_name}')").first["nextval"] }
|
|
86
90
|
end
|
|
87
91
|
|
|
88
92
|
if eager_encrypt == true || ([:try, :fetch_id].include?(eager_encrypt) && id)
|
metadata
CHANGED
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: kms_encrypted
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Kane
|
|
8
|
-
autorequire:
|
|
9
8
|
bindir: bin
|
|
10
9
|
cert_chain: []
|
|
11
|
-
date:
|
|
10
|
+
date: 2025-04-03 00:00:00.000000000 Z
|
|
12
11
|
dependencies:
|
|
13
12
|
- !ruby/object:Gem::Dependency
|
|
14
13
|
name: activesupport
|
|
@@ -16,15 +15,28 @@ dependencies:
|
|
|
16
15
|
requirements:
|
|
17
16
|
- - ">="
|
|
18
17
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: '
|
|
18
|
+
version: '7.1'
|
|
20
19
|
type: :runtime
|
|
21
20
|
prerelease: false
|
|
22
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
22
|
requirements:
|
|
24
23
|
- - ">="
|
|
25
24
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: '
|
|
27
|
-
|
|
25
|
+
version: '7.1'
|
|
26
|
+
- !ruby/object:Gem::Dependency
|
|
27
|
+
name: base64
|
|
28
|
+
requirement: !ruby/object:Gem::Requirement
|
|
29
|
+
requirements:
|
|
30
|
+
- - ">="
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
32
|
+
version: '0'
|
|
33
|
+
type: :runtime
|
|
34
|
+
prerelease: false
|
|
35
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
36
|
+
requirements:
|
|
37
|
+
- - ">="
|
|
38
|
+
- !ruby/object:Gem::Version
|
|
39
|
+
version: '0'
|
|
28
40
|
email: andrew@ankane.org
|
|
29
41
|
executables: []
|
|
30
42
|
extensions: []
|
|
@@ -49,7 +61,6 @@ homepage: https://github.com/ankane/kms_encrypted
|
|
|
49
61
|
licenses:
|
|
50
62
|
- MIT
|
|
51
63
|
metadata: {}
|
|
52
|
-
post_install_message:
|
|
53
64
|
rdoc_options: []
|
|
54
65
|
require_paths:
|
|
55
66
|
- lib
|
|
@@ -57,15 +68,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
57
68
|
requirements:
|
|
58
69
|
- - ">="
|
|
59
70
|
- !ruby/object:Gem::Version
|
|
60
|
-
version: '3'
|
|
71
|
+
version: '3.2'
|
|
61
72
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
62
73
|
requirements:
|
|
63
74
|
- - ">="
|
|
64
75
|
- !ruby/object:Gem::Version
|
|
65
76
|
version: '0'
|
|
66
77
|
requirements: []
|
|
67
|
-
rubygems_version: 3.
|
|
68
|
-
signing_key:
|
|
78
|
+
rubygems_version: 3.6.2
|
|
69
79
|
specification_version: 4
|
|
70
80
|
summary: Simple, secure key management for Lockbox and attr_encrypted
|
|
71
81
|
test_files: []
|