portunus 0.3.1 → 0.3.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +4 -5
- data/README.md +19 -1
- data/lib/portunus/field_configurer.rb +0 -1
- data/lib/portunus/tasks/rotate_keys.rake +6 -6
- data/lib/portunus/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7ce3eac0af0a8a0fa451fb24de5cdddbc7741ce5bf043e669b580b2ae8f7045d
|
4
|
+
data.tar.gz: 901ec596dc6b5ca9f2a304fd90fe5cb260bffce513209b3b28cfdbf98d199fd5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 721a12bf89394e876fac117f866e2938fb2a57805472fd53978cba626e6a9cbc82cf4c4462a6402ca31dbab2c8577a657cfe3445271df022b558d908db5d177d
|
7
|
+
data.tar.gz: 370cb0e5ae67bde8c1d0517586fd19802f14527337c087809578162411a06f7c97d9a109fc1f2c207557141ba474d42de75a66816e2f96e03f3ae90cb9aebbca
|
data/Gemfile.lock
CHANGED
@@ -1,8 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
portunus (0.3.
|
5
|
-
aes
|
4
|
+
portunus (0.3.5)
|
6
5
|
openssl (>= 2.1.0)
|
7
6
|
rails (>= 5.0.0)
|
8
7
|
|
@@ -64,7 +63,6 @@ GEM
|
|
64
63
|
minitest (~> 5.1)
|
65
64
|
tzinfo (~> 1.1)
|
66
65
|
zeitwerk (~> 2.2)
|
67
|
-
aes (0.5.0)
|
68
66
|
binding_of_caller (0.8.0)
|
69
67
|
debug_inspector (>= 0.0.1)
|
70
68
|
builder (3.2.4)
|
@@ -81,7 +79,6 @@ GEM
|
|
81
79
|
activesupport (>= 4.2.0)
|
82
80
|
i18n (1.8.2)
|
83
81
|
concurrent-ruby (~> 1.0)
|
84
|
-
ipaddr (1.2.2)
|
85
82
|
json (2.3.0)
|
86
83
|
loofah (2.4.0)
|
87
84
|
crass (~> 1.0.2)
|
@@ -99,7 +96,6 @@ GEM
|
|
99
96
|
nokogiri (1.10.9)
|
100
97
|
mini_portile2 (~> 2.4.0)
|
101
98
|
openssl (2.1.2)
|
102
|
-
ipaddr
|
103
99
|
pry (0.12.2)
|
104
100
|
coderay (~> 1.1.0)
|
105
101
|
method_source (~> 0.9.0)
|
@@ -187,3 +183,6 @@ DEPENDENCIES
|
|
187
183
|
rspec
|
188
184
|
simplecov (~> 0.17.1)
|
189
185
|
sqlite3
|
186
|
+
|
187
|
+
BUNDLED WITH
|
188
|
+
2.1.4
|
data/README.md
CHANGED
@@ -54,13 +54,31 @@ include Portunus::Encryptable
|
|
54
54
|
```
|
55
55
|
|
56
56
|
### Set up your master keys
|
57
|
+
|
57
58
|
Portunus comes with two adaptors for your master keys, "credentials" and
|
58
59
|
"environment". This should cover the most common deploy scenarios. Before
|
59
60
|
Portunus can function, enabled master keys need to be added. There is a
|
60
61
|
generator to create the keys for you to then install in the proper
|
61
|
-
location.
|
62
|
+
location.
|
62
63
|
|
63
64
|
$ bundle exec rake portunus:generate_master_keys
|
65
|
+
|
66
|
+
If you are using the credentials adaptor (default), add the keys here.
|
67
|
+
Make sure to generate keys for each environment.
|
68
|
+
|
69
|
+
$ bundle exec rails credentials:edit --environment=development
|
70
|
+
|
71
|
+
#### Spring / Postgres / OSX
|
72
|
+
|
73
|
+
When using this combination a bug may arise that prompts a weird error message:
|
74
|
+
|
75
|
+
$ objc[4182]: +[__NSPlaceholderDictionary initialize] may have been in progress in another thread when fork() was called.
|
76
|
+
|
77
|
+
You can circumvent it by using the below command in High Sierra / Catalina. It
|
78
|
+
might not work in Mojave but I believe this issue unrelated to Portunus.
|
79
|
+
Alternatively just don't use spring.
|
80
|
+
|
81
|
+
$ export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
|
64
82
|
|
65
83
|
### Additional devise notes
|
66
84
|
|
@@ -3,9 +3,9 @@ namespace :portunus do
|
|
3
3
|
task rotate_keks: :environment do
|
4
4
|
scope = ::Portunus::DataEncryptionKey.
|
5
5
|
where(
|
6
|
-
"last_kek_rotation < ? or (created_at < ? and last_kek_rotation is null",
|
7
|
-
::Portunus.configuration.max_key_duration,
|
8
|
-
::Portunus.configuration.max_key_duration
|
6
|
+
"last_kek_rotation < ? or (created_at < ? and last_kek_rotation is null)",
|
7
|
+
DateTime.now - ::Portunus.configuration.max_key_duration,
|
8
|
+
DateTime.now - ::Portunus.configuration.max_key_duration
|
9
9
|
)
|
10
10
|
|
11
11
|
scope.in_batches do |relation|
|
@@ -22,9 +22,9 @@ namespace :portunus do
|
|
22
22
|
else
|
23
23
|
scope = ::Portunus::DataEncryptionKey.
|
24
24
|
where(
|
25
|
-
"last_dek_rotation < ? or (created_at < ? and last_dek_rotation is null",
|
26
|
-
::Portunus.configuration.max_key_duration,
|
27
|
-
::Portunus.configuration.max_key_duration
|
25
|
+
"last_dek_rotation < ? or (created_at < ? and last_dek_rotation is null)",
|
26
|
+
DateTime.now - ::Portunus.configuration.max_key_duration,
|
27
|
+
DateTime.now - ::Portunus.configuration.max_key_duration
|
28
28
|
)
|
29
29
|
end
|
30
30
|
scope.in_batches do |relation|
|
data/lib/portunus/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: portunus
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.3.
|
4
|
+
version: 0.3.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Colin Petruno
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-07-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|
@@ -234,7 +234,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
234
234
|
- !ruby/object:Gem::Version
|
235
235
|
version: '0'
|
236
236
|
requirements: []
|
237
|
-
rubygems_version: 3.
|
237
|
+
rubygems_version: 3.1.4
|
238
238
|
signing_key:
|
239
239
|
specification_version: 4
|
240
240
|
summary: DEK and KEK Encryption for Rails
|