kms_rails 0.0.8 → 0.0.9
- checksums.yaml +4 -4
- data/.codeclimate.yml +2 -2
- data/.travis.yml +5 -3
- data/README.md +3 -3
- data/kms_rails.gemspec +2 -2
- data/lib/kms_rails/active_record.rb +7 -3
- data/lib/kms_rails/configuration.rb +21 -16
- data/lib/kms_rails/version.rb +1 -1
- metadata +6 -6
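--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c32a6946896948a35897141c29535c1138a5a788
+data.tar.gz: 72b96ea275fc245e92b9a0ad2c18bb332e669689
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f6708eb1f9ef4d19312eee938c41367d55d1e6cc5239dcac3912f696166c6d4c4e08fcfe374fabe47b41623965692b49755479fd5c06dc2114a3322e2d8de889
+data.tar.gz: 8632b1a8e2d59e4b62768a823a409eb2cfff9914fadc8013fa078009c30c17e34b3b9551da1a2c6d90d2ac8275149526e1f858fd044bc7e7b95fbee858888c08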
data/.codeclimate.yml
CHANGED
data/.travis.yml
CHANGED
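--- a/data/README.md
+++ b/data/README.md
@@ -1,7 +1,7 @@
 [![Build Status](https://travis-ci.org/appbot/kms_rails.svg)](https://travis-ci.org/appbot/kms_rails)
 [![Code Climate](https://codeclimate.com/github/appbot/kms_rails/badges/gpa.svg)](https://codeclimate.com/github/appbot/kms_rails) [![Test Coverage](https://codeclimate.com/github/appbot/kms_rails/badges/coverage.svg)](https://codeclimate.com/github/appbot/kms_rails/coverage)
 
-#kms_rails
+# kms_rails
 
 kms_rails (based on [kms_attrs](https://github.com/justinoue/kms_attrs)) is a gem for easily adding Amazon Web Services KMS encryption to your ActiveRecord model attributes and ActiveJob arguments. It uses the GenerateDataKey method to perform "envelope" encryption locally with an OpenSSL AES-256-CBC cipher.
 
@@ -95,7 +95,7 @@ MyImportantJob.perform_later(value)
 
 In this instance, `value` will not be decrypted, nor encrypted twice.
 
-##Additional Options
+## Additional Options
 You can add encryption contexts as strings or procs to kms_attr and kms_arg/args. Default is none.
 ```ruby
 kms_attr :my_attribute, key_id: 'my-aws-kms-key-id',
@@ -105,7 +105,7 @@ kms_attr :my_attribute, key_id: 'my-aws-kms-key-id',
 context_key: Proc.new { }, context_value: Proc.new { }
 ```
 
-##Aws Configuration
+## Aws Configuration
 This gem expects some standard Aws SDK configuration. The Aws client is initiated with no credentials. This should then load credentials either from ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'], `Aws` object, or an IAM role on an EC2 instance.
 
 You can configure your region in a Rails initializer with;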
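--- a/data/kms_rails.gemspec
+++ b/data/kms_rails.gemspec
@@ -20,8 +20,8 @@ Gem::Specification.new do |spec|
 spec.require_paths = ["lib"]
 spec.required_ruby_version = '>= 2.1'
 
-spec.add_runtime_dependency "activerecord", "
-spec.add_runtime_dependency "activejob", "
+spec.add_runtime_dependency "activerecord", ">= 4"
+spec.add_runtime_dependency "activejob", ">= 4"
 spec.add_runtime_dependency "aws-sdk", "~> 2"
 spec.add_runtime_dependency "msgpack"
 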
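Review bot: The new constraints `">= 4"` on `activerecord` and `activejob` have no upper bound, so Bundler may resolve this gem against any later major release, including ones the test matrix has never exercised. For a gem that defines readers and writers over encrypted columns, an untested ActiveRecord major is better rejected at install time than discovered at runtime. I would bound both lines to the majors actually covered in CI, e.g. `spec.add_runtime_dependency "activerecord", ">= 4", "< TESTED_MAJOR_PLUS_ONE"` (placeholder; the tested versions are not visible on this page). The unchanged `msgpack` line below carries no constraint at all and deserves the same look.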
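--- a/data/lib/kms_rails/active_record.rb
+++ b/data/lib/kms_rails/active_record.rb
@@ -14,13 +14,14 @@ module KmsRails
 include InstanceMethods
 
 real_field = "#{field}_enc"
-raise RuntimeError, "Field '#{
-raise RuntimeError, "Field '#{field}' must not be a real column, '#{real_field}' is the real column" if self.column_names.include?(field)
+raise RuntimeError, "Field '#{field}' must not be a real column, '#{real_field}' is the real column" if self.column_names.include?(field.to_s)
 
 enc = Core.new(key_id: key_id, msgpack: msgpack, context_key: context_key, context_value: context_value)
 
 define_method "#{field}=" do |data|
-
+raise RuntimeError, "Field '#{real_field}' must exist to store encrypted data" unless self.class.column_names.include?(real_field)
+
+if data.blank? # Just set to nil if nil
 clear_retained(field)
 self[real_field] = nil
 return
@@ -34,10 +35,13 @@ module KmsRails
 end
 
 define_method "#{real_field}" do
+raise RuntimeError, "Field '#{real_field}' must exist to retrieve encrypted data" unless self.class.column_names.include?(real_field)
 Core.to64( get_hash(field) )
 end
 
 define_method "#{field}" do
+raise RuntimeError, "Field '#{real_field}' must exist to retrieve decrypted data" unless self.class.column_names.include?(real_field)
+
 hash = get_hash(field)
 return nil unless hash
 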
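Review bot: In the first hunk the setter's guard `if data.blank?` clears the encrypted column for more than nil: under ActiveSupport `false`, `[]`, `{}` and whitespace-only strings are all blank, so a legitimate `false` or empty collection (plausible when the `msgpack` option passed to `Core.new` is in use) would be stored as nil and read back as nil. The trailing comment "Just set to nil if nil" does not describe that. If only nil and the empty string are meant to bypass encryption, `if data.nil? || data == ''` says so; otherwise the comment should read `# nil, false, empty and whitespace-only values are all stored as nil`. The enclosing macro starts above the hunk and the setter's body continues past it, so how non-blank values are handled is not visible here.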
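--- a/data/lib/kms_rails/configuration.rb
+++ b/data/lib/kms_rails/configuration.rb
@@ -1,23 +1,28 @@
 module KmsRails
-
-
-end
+module ConfigurationBase
+attr_writer :configuration
 
-
-
-yield(configuration)
-end
+class Configuration
+attr_accessor :fake_kms_api, :alias_prefix
 
-
-
-
+def initialize
+@fake_kms_api = false
+@alias_prefix = ''
+end
+end
 
-
-
+def configuration
+@configuration ||= Configuration.new
+end
+
+def configure
+yield(self.configuration)
+end
 
-def
-@
-@alias_prefix = ''
+def reset_config
+@configuration = Configuration.new
 end
 end
-
+
+extend ConfigurationBase
+end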
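Review bot: `fake_kms_api` is declared with `attr_accessor` on `Configuration` and has no comment, although its name suggests it swaps the real KMS client for a stand-in; the code that reads it is outside this section, so that is inferred. If so, it is the one setting here whose accidental `true` in production would leave attributes protected by something other than a KMS-held key, and it can be changed at any time through `configure`, the public `configuration=` writer or the returned `configuration` object. I would add a comment above the accessor, `# fake_kms_api: test-only; when true no real KMS key protects the data. Must stay false (the default) in production.` A one-line doc on `reset_config` stating that it discards every setting, and whether it is intended only for test teardown, would also help.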
data/lib/kms_rails/version.rb
CHANGED
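--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kms_rails
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.9
 platform: ruby
 authors:
 - Ash Tyndall
@@ -9,34 +9,34 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2018-01-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activerecord
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: '4'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: '4'
 - !ruby/object:Gem::Dependency
 name: activejob
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: '4'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
 version: '4'
 - !ruby/object:Gem::Dependency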