kms_rails 0.0.3 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 694a99855a3a64a2d64d52297d4c1e49e7413838
-  data.tar.gz: 9bfa2bd4692f9279c547eabb840d2ac8a6729f24
+  metadata.gz: cac0957a6a31fda032ccba360d3bf44fba646bc9
+  data.tar.gz: 722181fc0cd93bc5eeea994b95f569cf15823597
 SHA512:
-  metadata.gz: cac9396f4b113594de45748b63f18e7142dbffd628d5374b22f93d565ba15de9cf05c3ef32d743db423fff3231b5845001480b420d73a4817451a1f853594a81
-  data.tar.gz: 2c5239e05de81a8a5dd27cf778cc6e5df2f1e31b844e501a52cbb025788053c0a1082bfa455963357cf92602b2755e13d9189fb262297371f664246436335962
+  metadata.gz: 794526a33a35314c2dc76c82b7c3349d20593988e37ad83f15de924bc34cb29d99ebf469b3983d12c80bfd9f4fcc3b4516097c96391d4dc15c6262d52ee8ccdb
+  data.tar.gz: 4ab31886dceec3369c723ed4e28f7bfdc2d64ab95cf82bb03322cee11fd4f83a7008deb46b0c4228998381d6561ce442773ff90e04c6188009ef61d49a85387a

data/README.md

@@ -74,6 +74,19 @@ Encryption is done when the job is seralized into the data store and is stored a
 
 The encryption is automatically reversed when the job is deserialized.
 
+### Already encrypted parameters
+
+You also have the option of passing the value from your ActiveRecord encrypted field directly into the ActiveJob. If you do this, the value will not be encrypted twice.
+
+For instance, if you want to enqueue an encrypted value into a job on a node that cannot decrypt that value, you could do something like this;
+
+```ruby
+value = MyModel.find(10).secret_field_enc
+MyImportantJob.perform_later(value)
+```
+
+In this instance, `value` will not be decrypted, nor encrypted twice.
+
 ##Additional Options
 You can add encryption contexts as strings or procs to kms_attr and kms_arg/args. Default is none.
 ```ruby

data/lib/kms_rails/active_job.rb

@@ -21,7 +21,10 @@ module KmsRails
           args = args.dup
 
           field_numbers.each do |i|
-            args[i] = enc.encrypt64(args[i]) unless args[i].nil?
+            # We skip encoding if nil or if already encrypted
+            unless args[i].nil? || (args[i].class == Hash && args[i].keys.to_set == ['key', 'iv', 'blob'].to_set)
+              args[i] = enc.encrypt64(args[i])
+            end
           end
 
           super(args)

data/lib/kms_rails/active_record.rb

@@ -35,7 +35,7 @@ module KmsRails
         end
 
         define_method "#{real_field}" do
-          get_hash(field)
+          Core.to64( get_hash(field) )
         end
 
         define_method "#{field}" do

data/lib/kms_rails/core.rb

@@ -30,7 +30,7 @@ module KmsRails
     end
 
     def encrypt64(data)
-      encrypt(data).map { |k,v| [k, Base64.strict_encode64(v)] }.to_h
+      self.class.to64(encrypt(data))
     end
 
     def decrypt(data_obj)
@@ -42,7 +42,7 @@ module KmsRails
     end
     
     def decrypt64(data_obj)
-      decrypt( data_obj.map { |k,v| [k, Base64.strict_decode64(v)] }.to_h )
+      decrypt( self.class.from64(data_obj) )
     end
 
     def key_id
@@ -65,6 +65,14 @@ module KmsRails
       str.tr!("\0-\xff".b, "\0".b)
     end
 
+    def self.to64(data_obj)
+      data_obj.map { |k,v| [k, Base64.strict_encode64(v)] }.to_h
+    end
+
+    def self.from64(data_obj)
+      data_obj.map { |k,v| [k, Base64.strict_decode64(v)] }.to_h
+    end
+
     private 
 
     def apply_context(args, key, value)

data/lib/kms_rails/version.rb

@@ -1,3 +1,3 @@
 module KmsRails
-  VERSION = "0.0.3"
+  VERSION = "0.0.4"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kms_rails
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
 platform: ruby
 authors:
 - Ash Tyndall
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-12-02 00:00:00.000000000 Z
+date: 2016-12-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord