kms_rails 0.0.3 → 0.0.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +13 -0
- data/lib/kms_rails/active_job.rb +4 -1
- data/lib/kms_rails/active_record.rb +1 -1
- data/lib/kms_rails/core.rb +10 -2
- data/lib/kms_rails/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: cac0957a6a31fda032ccba360d3bf44fba646bc9
|
4
|
+
data.tar.gz: 722181fc0cd93bc5eeea994b95f569cf15823597
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 794526a33a35314c2dc76c82b7c3349d20593988e37ad83f15de924bc34cb29d99ebf469b3983d12c80bfd9f4fcc3b4516097c96391d4dc15c6262d52ee8ccdb
|
7
|
+
data.tar.gz: 4ab31886dceec3369c723ed4e28f7bfdc2d64ab95cf82bb03322cee11fd4f83a7008deb46b0c4228998381d6561ce442773ff90e04c6188009ef61d49a85387a
|
data/README.md
CHANGED
@@ -74,6 +74,19 @@ Encryption is done when the job is seralized into the data store and is stored a
|
|
74
74
|
|
75
75
|
The encryption is automatically reversed when the job is deserialized.
|
76
76
|
|
77
|
+
### Already encrypted parameters
|
78
|
+
|
79
|
+
You also have the option of passing the value from your ActiveRecord encrypted field directly into the ActiveJob. If you do this, the value will not be encrypted twice.
|
80
|
+
|
81
|
+
For instance, if you want to enqueue an encrypted value into a job on a node that cannot decrypt that value, you could do something like this;
|
82
|
+
|
83
|
+
```ruby
|
84
|
+
value = MyModel.find(10).secret_field_enc
|
85
|
+
MyImportantJob.perform_later(value)
|
86
|
+
```
|
87
|
+
|
88
|
+
In this instance, `value` will not be decrypted, nor encrypted twice.
|
89
|
+
|
77
90
|
##Additional Options
|
78
91
|
You can add encryption contexts as strings or procs to kms_attr and kms_arg/args. Default is none.
|
79
92
|
```ruby
|
data/lib/kms_rails/active_job.rb
CHANGED
@@ -21,7 +21,10 @@ module KmsRails
|
|
21
21
|
args = args.dup
|
22
22
|
|
23
23
|
field_numbers.each do |i|
|
24
|
-
|
24
|
+
# We skip encoding if nil or if already encrypted
|
25
|
+
unless args[i].nil? || (args[i].class == Hash && args[i].keys.to_set == ['key', 'iv', 'blob'].to_set)
|
26
|
+
args[i] = enc.encrypt64(args[i])
|
27
|
+
end
|
25
28
|
end
|
26
29
|
|
27
30
|
super(args)
|
data/lib/kms_rails/core.rb
CHANGED
@@ -30,7 +30,7 @@ module KmsRails
|
|
30
30
|
end
|
31
31
|
|
32
32
|
def encrypt64(data)
|
33
|
-
encrypt(data)
|
33
|
+
self.class.to64(encrypt(data))
|
34
34
|
end
|
35
35
|
|
36
36
|
def decrypt(data_obj)
|
@@ -42,7 +42,7 @@ module KmsRails
|
|
42
42
|
end
|
43
43
|
|
44
44
|
def decrypt64(data_obj)
|
45
|
-
decrypt(
|
45
|
+
decrypt( self.class.from64(data_obj) )
|
46
46
|
end
|
47
47
|
|
48
48
|
def key_id
|
@@ -65,6 +65,14 @@ module KmsRails
|
|
65
65
|
str.tr!("\0-\xff".b, "\0".b)
|
66
66
|
end
|
67
67
|
|
68
|
+
def self.to64(data_obj)
|
69
|
+
data_obj.map { |k,v| [k, Base64.strict_encode64(v)] }.to_h
|
70
|
+
end
|
71
|
+
|
72
|
+
def self.from64(data_obj)
|
73
|
+
data_obj.map { |k,v| [k, Base64.strict_decode64(v)] }.to_h
|
74
|
+
end
|
75
|
+
|
68
76
|
private
|
69
77
|
|
70
78
|
def apply_context(args, key, value)
|
data/lib/kms_rails/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: kms_rails
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ash Tyndall
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: exe
|
11
11
|
cert_chain: []
|
12
|
-
date: 2016-12-
|
12
|
+
date: 2016-12-05 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: activerecord
|