portunus 0.3.6 → 0.3.7

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/portunus/rotators/dek.rb +14 -10
  3. data/lib/portunus/tasks/rotate_keys.rake +10 -6
  4. data/lib/portunus/version.rb +1 -1
  5. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7ce3eac0af0a8a0fa451fb24de5cdddbc7741ce5bf043e669b580b2ae8f7045d
4
- data.tar.gz: 901ec596dc6b5ca9f2a304fd90fe5cb260bffce513209b3b28cfdbf98d199fd5
3
+ metadata.gz: 55b4d7fa50d9b1784676c0cafbf30617b9eefa4fc441c2a6eb6db96b64b5a953
4
+ data.tar.gz: 647f2b1b543b9bd490d39e39d39d8178ab44a45f90a0b44aee1ffa7eacfa09ec
5
5
  SHA512:
6
- metadata.gz: 721a12bf89394e876fac117f866e2938fb2a57805472fd53978cba626e6a9cbc82cf4c4462a6402ca31dbab2c8577a657cfe3445271df022b558d908db5d177d
7
- data.tar.gz: 370cb0e5ae67bde8c1d0517586fd19802f14527337c087809578162411a06f7c97d9a109fc1f2c207557141ba474d42de75a66816e2f96e03f3ae90cb9aebbca
6
+ metadata.gz: b2bcd7c135f15758e05ebe0c94a3cd8b88b944db67440c0d2f535cb76af0aa8829ed89048e0b28fc9f354209b3235ffeb6679cf3ec4ede699a60861dd441934b
7
+ data.tar.gz: 1b16cfedbe5fa06809416e4f439612216ec9e08c221f44ca9c8b4af80d0a3b5729536d77e54486c8e53afd8fe7861d09381ccec361949c7a65fa46e39922cc5d
data/lib/portunus/rotators/dek.rb CHANGED
@@ -12,20 +12,24 @@ module Portunus
12
12
  def rotate
13
13
  encryptable = data_encryption_key.encryptable
14
14
 
15
- encryptable.class.encrypted_fields_list.map do |field_name|
16
- field_value_map[field_name.to_sym] = encryptable.send(field_name.to_sym)
17
- end
15
+ Rails.logger.debug(
16
+ "Rotating Encryptable: #{encryptable.class}, id: #{encryptable.id}"
17
+ )
18
+
19
+ ActiveRecord::Base.transaction do
20
+ encryptable.class.encrypted_fields_list.map do |field_name|
21
+ field_value_map[field_name.to_sym] = encryptable.send(field_name.to_sym)
22
+ end
18
23
 
19
- data_encryption_key.encrypted_key = new_encrypted_key
24
+ data_encryption_key.update(encrypted_key: new_encrypted_key)
25
+ encryptable.data_encryption_key.reload
20
26
 
21
- field_value_map.map do |field_name, value|
22
- encryptable.send("#{field_name}=".to_sym, value)
23
- end
27
+ field_value_map.map do |field_name, value|
28
+ encryptable.send("#{field_name}=".to_sym, value)
29
+ end
24
30
 
25
- ActiveRecord::Base.transaction do
26
31
  encryptable.save
27
- data_encryption_key.last_dek_rotation = DateTime.now
28
- data_encryption_key.save
32
+ data_encryption_key.update(last_dek_rotation: DateTime.now)
29
33
  end
30
34
 
31
35
  true
data/lib/portunus/tasks/rotate_keys.rake CHANGED
@@ -1,12 +1,16 @@
1
1
  namespace :portunus do
2
2
  desc "Rotate KEK keys, reencrypt the deks"
3
3
  task rotate_keks: :environment do
4
- scope = ::Portunus::DataEncryptionKey.
5
- where(
6
- "last_kek_rotation < ? or (created_at < ? and last_kek_rotation is null)",
7
- DateTime.now - ::Portunus.configuration.max_key_duration,
8
- DateTime.now - ::Portunus.configuration.max_key_duration
9
- )
4
+ if ENV["FORCE"] == "true"
5
+ scope = ::Portunus::DataEncryptionKey.all
6
+ else
7
+ scope = ::Portunus::DataEncryptionKey.
8
+ where(
9
+ "last_kek_rotation < ? or (created_at < ? and last_kek_rotation is null)",
10
+ DateTime.now - ::Portunus.configuration.max_key_duration,
11
+ DateTime.now - ::Portunus.configuration.max_key_duration
12
+ )
13
+ end
10
14
 
11
15
  scope.in_batches do |relation|
12
16
  relation.map do |encryption_key|
data/lib/portunus/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Portunus
2
- VERSION = "0.3.6"
2
+ VERSION = "0.3.7"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: portunus
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.6
4
+ version: 0.3.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Colin Petruno