mongoid-kms 0.0.8
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +14 -0
- data/Gemfile +4 -0
- data/Guardfile +43 -0
- data/LICENSE.txt +22 -0
- data/README.md +52 -0
- data/Rakefile +2 -0
- data/circle.yml +6 -0
- data/lib/mongoid/kms.rb +81 -0
- data/lib/mongoid/kms/version.rb +5 -0
- data/mongoid-kms.gemspec +32 -0
- data/spec/lib/mongoid/kms_spec.rb +22 -0
- data/spec/mongoid.yml +6 -0
- data/spec/spec_helper.rb +20 -0
- metadata +186 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 152ab9efb3d3ff2f8b71da1554c5777c3755314c
|
4
|
+
data.tar.gz: d81114ff55dd6e86c452a9373b50a335ce0fb322
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 9186bceab9122577c6333488bee6980acfbb18b1640476b061e01b4a7e593bc7630a8c00ac68ab1319e7635bfd934ec7db8d5b46f62ad7b616337ad8f9a3dc20
|
7
|
+
data.tar.gz: 5bd3f7ceb2b21d1db72847cc5883958f901a3d26d5762473f0fbdb603eb5908e85a1ef4464c10d74c9e2bf9371989d1974566947625ede1d29b7164a24e2490b
|
data/.gitignore
ADDED
data/Gemfile
ADDED
data/Guardfile
ADDED
@@ -0,0 +1,43 @@
|
|
1
|
+
# A sample Guardfile
|
2
|
+
# More info at https://github.com/guard/guard#readme
|
3
|
+
|
4
|
+
## Uncomment and set this to only include directories you want to watch
|
5
|
+
# directories %(app lib config test spec feature)
|
6
|
+
|
7
|
+
## Uncomment to clear the screen before every task
|
8
|
+
# clearing :on
|
9
|
+
|
10
|
+
guard :bundler do
|
11
|
+
require 'guard/bundler'
|
12
|
+
require 'guard/bundler/verify'
|
13
|
+
helper = Guard::Bundler::Verify.new
|
14
|
+
|
15
|
+
files = ['Gemfile']
|
16
|
+
files += Dir['*.gemspec'] if files.any? { |f| helper.uses_gemspec?(f) }
|
17
|
+
|
18
|
+
# Assume files are symlinked from somewhere
|
19
|
+
files.each { |file| watch(helper.real_path(file)) }
|
20
|
+
end
|
21
|
+
|
22
|
+
# Note: The cmd option is now required due to the increasing number of ways
|
23
|
+
# rspec may be run, below are examples of the most common uses.
|
24
|
+
# * bundler: 'bundle exec rspec'
|
25
|
+
# * bundler binstubs: 'bin/rspec'
|
26
|
+
# * spring: 'bin/rspec' (This will use spring if running and you have
|
27
|
+
# installed the spring binstubs per the docs)
|
28
|
+
# * zeus: 'zeus rspec' (requires the server to be started separately)
|
29
|
+
# * 'just' rspec: 'rspec'
|
30
|
+
|
31
|
+
guard :rspec, cmd: "bundle exec rspec" do
|
32
|
+
require "ostruct"
|
33
|
+
|
34
|
+
# Generic Ruby apps
|
35
|
+
rspec = OpenStruct.new
|
36
|
+
rspec.spec = ->(m) { "spec/#{m}_spec.rb" }
|
37
|
+
rspec.spec_dir = "spec"
|
38
|
+
rspec.spec_helper = "spec/spec_helper.rb"
|
39
|
+
|
40
|
+
watch(%r{^spec/.+_spec\.rb$})
|
41
|
+
watch(%r{^lib/(.+)\.rb$}) { |m| rspec.spec.("lib/#{m[1]}") }
|
42
|
+
watch(rspec.spec_helper) { rspec.spec_dir }
|
43
|
+
end
|
data/LICENSE.txt
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
Copyright (c) 2014 Chris Winslett
|
2
|
+
|
3
|
+
MIT License
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
6
|
+
a copy of this software and associated documentation files (the
|
7
|
+
"Software"), to deal in the Software without restriction, including
|
8
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
9
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
10
|
+
permit persons to whom the Software is furnished to do so, subject to
|
11
|
+
the following conditions:
|
12
|
+
|
13
|
+
The above copyright notice and this permission notice shall be
|
14
|
+
included in all copies or substantial portions of the Software.
|
15
|
+
|
16
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
17
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
18
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
19
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
20
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
21
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
22
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,52 @@
|
|
1
|
+
# Mongoid::Kms
|
2
|
+
|
3
|
+
Easily encrypt your datas using AWS's KSM.
|
4
|
+
|
5
|
+
## Installation
|
6
|
+
|
7
|
+
Add this line to your application's Gemfile:
|
8
|
+
|
9
|
+
```ruby
|
10
|
+
gem 'mongoid-kms'
|
11
|
+
```
|
12
|
+
|
13
|
+
And then execute:
|
14
|
+
|
15
|
+
$ bundle
|
16
|
+
|
17
|
+
Or install it yourself as:
|
18
|
+
|
19
|
+
$ gem install mongoid-kms
|
20
|
+
|
21
|
+
## Usage
|
22
|
+
|
23
|
+
Environmental variables to include:
|
24
|
+
|
25
|
+
```
|
26
|
+
AWS_ACCESS_KEY_ID # an IAM access key
|
27
|
+
AWS_SECRET_ACCESS_KEY # an IAM access secret
|
28
|
+
```
|
29
|
+
|
30
|
+
Somewhere before your run your application, you will need to add this:
|
31
|
+
|
32
|
+
```ruby
|
33
|
+
Mongoid::Kms.configure({region: "us-east-1", key: "your aws kms key id i.e <02342-234-232-234-234>"})
|
34
|
+
```
|
35
|
+
|
36
|
+
When defining yoru classes, `include Mongoid::Kms`, and use the
|
37
|
+
`secure_field` to define your fields with a required `:context`.
|
38
|
+
Context must return a hash.
|
39
|
+
|
40
|
+
```ruby
|
41
|
+
class MyClass
|
42
|
+
include Mongoid::Document
|
43
|
+
include Mongoid::Kms
|
44
|
+
|
45
|
+
secure_field :secure, type: String, context: lambda { |d| {name: d.name} }
|
46
|
+
field :unsecure
|
47
|
+
|
48
|
+
def name
|
49
|
+
@name ||= "me-#{Time.now.to_i}"
|
50
|
+
end
|
51
|
+
end
|
52
|
+
```
|
data/Rakefile
ADDED
data/circle.yml
ADDED
data/lib/mongoid/kms.rb
ADDED
@@ -0,0 +1,81 @@
|
|
1
|
+
require 'active_support/concern'
|
2
|
+
require 'aws-sdk'
|
3
|
+
require "mongoid/kms/version"
|
4
|
+
|
5
|
+
module Mongoid
|
6
|
+
module Kms
|
7
|
+
extend ActiveSupport::Concern
|
8
|
+
|
9
|
+
@configuration = {}
|
10
|
+
@kms = nil
|
11
|
+
|
12
|
+
def self.configure(args)
|
13
|
+
@configuration = args
|
14
|
+
end
|
15
|
+
|
16
|
+
def self.configuration
|
17
|
+
@configuration || {}
|
18
|
+
end
|
19
|
+
|
20
|
+
def self.kms
|
21
|
+
@kms ||= Aws::KMS::Client.new(region: self.region)
|
22
|
+
end
|
23
|
+
|
24
|
+
def self.region
|
25
|
+
configuration[:region]
|
26
|
+
end
|
27
|
+
|
28
|
+
def self.key
|
29
|
+
configuration[:key]
|
30
|
+
end
|
31
|
+
|
32
|
+
module ClassMethods
|
33
|
+
def encrypt_field(field_name, value)
|
34
|
+
Mongoid::Kms.kms.encrypt({
|
35
|
+
key_id: Mongoid::Kms.key,
|
36
|
+
plaintext: value,
|
37
|
+
encryption_context: kms_context(field_name)
|
38
|
+
})[:ciphertext_blob].force_encoding('UTF-8')
|
39
|
+
end
|
40
|
+
|
41
|
+
def decrypt_field(field_name, data)
|
42
|
+
Mongoid::Kms.kms.decrypt({
|
43
|
+
ciphertext_blob: data,
|
44
|
+
encryption_context: kms_context(field_name)
|
45
|
+
})[:plaintext]
|
46
|
+
end
|
47
|
+
|
48
|
+
def kms_context(field_name)
|
49
|
+
c = @ksm_field_map[field_name.to_s][:context]
|
50
|
+
c = c.call(self) if c.is_a?(Proc)
|
51
|
+
c
|
52
|
+
end
|
53
|
+
|
54
|
+
def ksm_type(field_name)
|
55
|
+
@ksm_field_map[field_name.to_s][:type]
|
56
|
+
end
|
57
|
+
|
58
|
+
def secure_field(field_name, args)
|
59
|
+
encrypted_field_name = "kms_secure_#{field_name}"
|
60
|
+
|
61
|
+
@ksm_field_map ||= {}
|
62
|
+
@ksm_field_map[field_name.to_s] = {context: args.delete(:context), type: args.delete(:type)}
|
63
|
+
|
64
|
+
field encrypted_field_name, args.merge(type: BSON::Binary)
|
65
|
+
|
66
|
+
define_method(field_name) do
|
67
|
+
instance_variable_get("@#{field_name}") || begin
|
68
|
+
v = self.class.decrypt_field(field_name, send("kms_secure_#{field_name}"))
|
69
|
+
instance_variable_set("@#{field_name}", v)
|
70
|
+
v
|
71
|
+
end
|
72
|
+
end
|
73
|
+
|
74
|
+
define_method("#{field_name}=") do |value|
|
75
|
+
instance_variable_set("@#{field_name}", value)
|
76
|
+
self.send("#{encrypted_field_name}=", self.class.encrypt_field(field_name, value))
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
end
|
81
|
+
end
|
data/mongoid-kms.gemspec
ADDED
@@ -0,0 +1,32 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require 'mongoid/kms/version'
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = "mongoid-kms"
|
8
|
+
spec.version = Mongoid::Kms::VERSION
|
9
|
+
spec.authors = ["Chris Winslett"]
|
10
|
+
spec.email = ["chris@mongohq.com"]
|
11
|
+
spec.summary = %q{Easy plugin for Mongoid + AWS KMS for security}
|
12
|
+
spec.description = %q{Need to encrypt your datas? Use AWS's KMS for data encryption.}
|
13
|
+
spec.homepage = "https://github.com/compose/mongoid-kms"
|
14
|
+
spec.license = "MIT"
|
15
|
+
|
16
|
+
spec.files = `git ls-files -z`.split("\x0")
|
17
|
+
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
18
|
+
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
19
|
+
spec.require_paths = ["lib"]
|
20
|
+
|
21
|
+
spec.add_dependency "mongoid"
|
22
|
+
spec.add_dependency "activesupport"
|
23
|
+
spec.add_dependency "aws-sdk", "> 2.0.9.pre"
|
24
|
+
|
25
|
+
spec.add_development_dependency "bundler", "~> 1.7"
|
26
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
27
|
+
spec.add_development_dependency "rspec"
|
28
|
+
spec.add_development_dependency "guard-rspec"
|
29
|
+
spec.add_development_dependency "guard-bundler"
|
30
|
+
spec.add_development_dependency "byebug"
|
31
|
+
|
32
|
+
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Mongoid::Kms do
|
4
|
+
|
5
|
+
it "encrypts the secure fields" do
|
6
|
+
o = MyClass.new(secure: "batman", unsecure: "robin")
|
7
|
+
o.save!
|
8
|
+
|
9
|
+
expect(o.secure).to eq("batman")
|
10
|
+
expect(o.kms_secure_secure).to_not be_nil
|
11
|
+
end
|
12
|
+
|
13
|
+
it "descripts the secure fields" do
|
14
|
+
o = MyClass.new(secure: "batman", unsecure: "robin")
|
15
|
+
o.save!
|
16
|
+
|
17
|
+
o = MyClass.find(o.id)
|
18
|
+
expect(o.secure).to eq("batman")
|
19
|
+
expect(o.unsecure).to eq("robin")
|
20
|
+
end
|
21
|
+
|
22
|
+
end
|
data/spec/mongoid.yml
ADDED
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
require 'mongoid'
|
2
|
+
require 'byebug'
|
3
|
+
|
4
|
+
require_relative '../lib/mongoid/kms'
|
5
|
+
|
6
|
+
Mongoid.load!("spec/mongoid.yml", :test)
|
7
|
+
|
8
|
+
class MyClass
|
9
|
+
include Mongoid::Document
|
10
|
+
include Mongoid::Kms
|
11
|
+
|
12
|
+
secure_field :secure, type: String, context: lambda { |d| {name: d.name} }
|
13
|
+
field :unsecure
|
14
|
+
|
15
|
+
def name
|
16
|
+
@name ||= "me-#{Time.now.to_i}"
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
Mongoid::Kms.configure({region: "us-east-1", key: ENV['AWS_KMS_KEY_ID']})
|
metadata
ADDED
@@ -0,0 +1,186 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: mongoid-kms
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.8
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Chris Winslett
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2014-12-12 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: mongoid
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - '>='
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - '>='
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: activesupport
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - '>='
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0'
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - '>='
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: aws-sdk
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - '>'
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: 2.0.9.pre
|
48
|
+
type: :runtime
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - '>'
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: 2.0.9.pre
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: bundler
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ~>
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '1.7'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ~>
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '1.7'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: rake
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - ~>
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '10.0'
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - ~>
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '10.0'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: rspec
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - '>='
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '0'
|
90
|
+
type: :development
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - '>='
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '0'
|
97
|
+
- !ruby/object:Gem::Dependency
|
98
|
+
name: guard-rspec
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - '>='
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: '0'
|
104
|
+
type: :development
|
105
|
+
prerelease: false
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - '>='
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: '0'
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: guard-bundler
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - '>='
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0'
|
118
|
+
type: :development
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - '>='
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '0'
|
125
|
+
- !ruby/object:Gem::Dependency
|
126
|
+
name: byebug
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - '>='
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '0'
|
132
|
+
type: :development
|
133
|
+
prerelease: false
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - '>='
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: '0'
|
139
|
+
description: Need to encrypt your datas? Use AWS's KMS for data encryption.
|
140
|
+
email:
|
141
|
+
- chris@mongohq.com
|
142
|
+
executables: []
|
143
|
+
extensions: []
|
144
|
+
extra_rdoc_files: []
|
145
|
+
files:
|
146
|
+
- .gitignore
|
147
|
+
- Gemfile
|
148
|
+
- Guardfile
|
149
|
+
- LICENSE.txt
|
150
|
+
- README.md
|
151
|
+
- Rakefile
|
152
|
+
- circle.yml
|
153
|
+
- lib/mongoid/kms.rb
|
154
|
+
- lib/mongoid/kms/version.rb
|
155
|
+
- mongoid-kms.gemspec
|
156
|
+
- spec/lib/mongoid/kms_spec.rb
|
157
|
+
- spec/mongoid.yml
|
158
|
+
- spec/spec_helper.rb
|
159
|
+
homepage: https://github.com/compose/mongoid-kms
|
160
|
+
licenses:
|
161
|
+
- MIT
|
162
|
+
metadata: {}
|
163
|
+
post_install_message:
|
164
|
+
rdoc_options: []
|
165
|
+
require_paths:
|
166
|
+
- lib
|
167
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
168
|
+
requirements:
|
169
|
+
- - '>='
|
170
|
+
- !ruby/object:Gem::Version
|
171
|
+
version: '0'
|
172
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
173
|
+
requirements:
|
174
|
+
- - '>='
|
175
|
+
- !ruby/object:Gem::Version
|
176
|
+
version: '0'
|
177
|
+
requirements: []
|
178
|
+
rubyforge_project:
|
179
|
+
rubygems_version: 2.4.3
|
180
|
+
signing_key:
|
181
|
+
specification_version: 4
|
182
|
+
summary: Easy plugin for Mongoid + AWS KMS for security
|
183
|
+
test_files:
|
184
|
+
- spec/lib/mongoid/kms_spec.rb
|
185
|
+
- spec/mongoid.yml
|
186
|
+
- spec/spec_helper.rb
|