portunus 0.3.3 → 0.3.8
- checksums.yaml +4 -4
- data/Gemfile.lock +4 -3
- data/lib/portunus/rotators/dek.rb +19 -9
- data/lib/portunus/rotators/kek.rb +1 -1
- data/lib/portunus/tasks/rotate_keys.rake +13 -9
- data/lib/portunus/version.rb +1 -1
- metadata +3 -4
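--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8b21fe1e0d1e035b9b1c63090614ccd35441c67c1eac178eaec02577b609ace9
+data.tar.gz: e4a7c519d2d9a246f78a7090baaef0c59749af0505e899b06aa5ac1b8829adfa
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 70f75238d178f9a3dd7c00958b09b65dd94295cd2b606e77168f6813552b86a4b814d34753952d692f6effdb5f313859947218dcf4be7cd6d490206cd1cf80b5
+data.tar.gz: df93281691c7c368aed0008b55b79331da5ef2721c2a6b64d1392613d1aa5a43b14309b631f5f4ea94be277d411dce51b0fa87d491bcdcc384537b81a332e073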
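--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-portunus (0.3.
+portunus (0.3.8)
 openssl (>= 2.1.0)
 rails (>= 5.0.0)
 
@@ -79,7 +79,6 @@ GEM
 activesupport (>= 4.2.0)
 i18n (1.8.2)
 concurrent-ruby (~> 1.0)
-ipaddr (1.2.2)
 json (2.3.0)
 loofah (2.4.0)
 crass (~> 1.0.2)
@@ -97,7 +96,6 @@ GEM
 nokogiri (1.10.9)
 mini_portile2 (~> 2.4.0)
 openssl (2.1.2)
-ipaddr
 pry (0.12.2)
 coderay (~> 1.1.0)
 method_source (~> 0.9.0)
@@ -185,3 +183,6 @@ DEPENDENCIES
 rspec
 simplecov (~> 0.17.1)
 sqlite3
+
+BUNDLED WITH
+2.1.4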
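--- a/data/lib/portunus/rotators/dek.rb
+++ b/data/lib/portunus/rotators/dek.rb
@@ -12,20 +12,30 @@ module Portunus
 def rotate
 encryptable = data_encryption_key.encryptable
 
-encryptable.
-
+if encryptable.blank?
+Rails.logger.debug("Dek id: #{data_encryption_key.id} is missing it's encryptable... deleting")
+data_encryption_key.destroy
+return true
 end
 
-
-
-
-encryptable.send("#{field_name}=".to_sym, value)
-end
+Rails.logger.debug(
+"Rotating Encryptable: #{encryptable.class}, id: #{encryptable.id}"
+)
 
 ActiveRecord::Base.transaction do
+encryptable.class.encrypted_fields_list.map do |field_name|
+field_value_map[field_name.to_sym] = encryptable.send(field_name.to_sym)
+end
+
+data_encryption_key.update(encrypted_key: new_encrypted_key)
+encryptable.data_encryption_key.reload
+
+field_value_map.map do |field_name, value|
+encryptable.send("#{field_name}=".to_sym, value)
+end
+
 encryptable.save
-data_encryption_key.last_dek_rotation
-data_encryption_key.save
+data_encryption_key.update(last_dek_rotation: DateTime.now)
 end
 
 true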
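Review bot: The three writes inside `ActiveRecord::Base.transaction` use the non-raising `update` and `save`, so a validation or callback failure returns false, nothing rolls back, and `rotate` still returns `true`. If `encryptable.save` fails after `data_encryption_key.update(encrypted_key: new_encrypted_key)` has persisted, the stored ciphertext no longer matches the stored key and the record can become undecryptable; use `data_encryption_key.update!(encrypted_key: new_encrypted_key)`, `encryptable.save!` and `data_encryption_key.update!(last_dek_rotation: DateTime.now)` so any failure aborts the whole rotation. The new `encryptable.blank?` branch destroys key material and records it only at debug level; log it at `warn` and confirm that a nil association cannot also mean a record hidden by a default scope (soft delete), since the key cannot be recovered afterwards. `rotate` ends outside the hunk, and `field_value_map` and `new_encrypted_key` are defined outside it.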
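--- a/data/lib/portunus/tasks/rotate_keys.rake
+++ b/data/lib/portunus/tasks/rotate_keys.rake
@@ -1,12 +1,16 @@
 namespace :portunus do
 desc "Rotate KEK keys, reencrypt the deks"
 task rotate_keks: :environment do
-
-
-
-
-
-
+if ENV["FORCE"] == "true"
+scope = ::Portunus::DataEncryptionKey.all
+else
+scope = ::Portunus::DataEncryptionKey.
+where(
+"last_kek_rotation < ? or (created_at < ? and last_kek_rotation is null)",
+DateTime.now - ::Portunus.configuration.max_key_duration,
+DateTime.now - ::Portunus.configuration.max_key_duration
+)
+end
 
 scope.in_batches do |relation|
 relation.map do |encryption_key|
@@ -22,9 +26,9 @@ namespace :portunus do
 else
 scope = ::Portunus::DataEncryptionKey.
 where(
-"last_dek_rotation < ? or (created_at < ? and last_dek_rotation is null",
-::Portunus.configuration.max_key_duration,
-::Portunus.configuration.max_key_duration
+"last_dek_rotation < ? or (created_at < ? and last_dek_rotation is null)",
+DateTime.now - ::Portunus.configuration.max_key_duration,
+DateTime.now - ::Portunus.configuration.max_key_duration
 )
 end
 scope.in_batches do |relation|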
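Review bot: The cutoff `DateTime.now - ::Portunus.configuration.max_key_duration` is correct only if `max_key_duration` is an `ActiveSupport::Duration`; the hunks do not show its type, and with a plain Integer `DateTime#-` subtracts days rather than seconds, which would push the cutoff far into the past and leave overdue keys unrotated without any error. Compute it once with the time-zone-aware clock, e.g. `cutoff = Time.current - ::Portunus.configuration.max_key_duration`, and bind `cutoff` to both placeholders; the same applies to the DEK scope in the second hunk. Both task bodies continue past the hunks, so how a failed rotation inside `scope.in_batches` is reported is not visible here.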
data/lib/portunus/version.rb
CHANGED
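--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: portunus
 version: !ruby/object:Gem::Version
-version: 0.3.
+version: 0.3.8
 platform: ruby
 authors:
 - Colin Petruno
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-08-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
@@ -234,8 +234,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.7.6.2
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: DEK and KEK Encryption for Rails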