portunus 0.3.6 → 0.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/portunus/rotators/dek.rb +14 -10
  3. data/lib/portunus/tasks/rotate_keys.rake +10 -6
  4. data/lib/portunus/version.rb +1 -1
  5. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7ce3eac0af0a8a0fa451fb24de5cdddbc7741ce5bf043e669b580b2ae8f7045d
4
- data.tar.gz: 901ec596dc6b5ca9f2a304fd90fe5cb260bffce513209b3b28cfdbf98d199fd5
3
+ metadata.gz: 55b4d7fa50d9b1784676c0cafbf30617b9eefa4fc441c2a6eb6db96b64b5a953
4
+ data.tar.gz: 647f2b1b543b9bd490d39e39d39d8178ab44a45f90a0b44aee1ffa7eacfa09ec
5
5
  SHA512:
6
- metadata.gz: 721a12bf89394e876fac117f866e2938fb2a57805472fd53978cba626e6a9cbc82cf4c4462a6402ca31dbab2c8577a657cfe3445271df022b558d908db5d177d
7
- data.tar.gz: 370cb0e5ae67bde8c1d0517586fd19802f14527337c087809578162411a06f7c97d9a109fc1f2c207557141ba474d42de75a66816e2f96e03f3ae90cb9aebbca
6
+ metadata.gz: b2bcd7c135f15758e05ebe0c94a3cd8b88b944db67440c0d2f535cb76af0aa8829ed89048e0b28fc9f354209b3235ffeb6679cf3ec4ede699a60861dd441934b
7
+ data.tar.gz: 1b16cfedbe5fa06809416e4f439612216ec9e08c221f44ca9c8b4af80d0a3b5729536d77e54486c8e53afd8fe7861d09381ccec361949c7a65fa46e39922cc5d
data/lib/portunus/rotators/dek.rb CHANGED
@@ -12,20 +12,24 @@ module Portunus
12
12
  def rotate
13
13
  encryptable = data_encryption_key.encryptable
14
14
 
15
- encryptable.class.encrypted_fields_list.map do |field_name|
16
- field_value_map[field_name.to_sym] = encryptable.send(field_name.to_sym)
17
- end
15
+ Rails.logger.debug(
16
+ "Rotating Encryptable: #{encryptable.class}, id: #{encryptable.id}"
17
+ )
18
+
19
+ ActiveRecord::Base.transaction do
20
+ encryptable.class.encrypted_fields_list.map do |field_name|
21
+ field_value_map[field_name.to_sym] = encryptable.send(field_name.to_sym)
22
+ end
18
23
 
19
- data_encryption_key.encrypted_key = new_encrypted_key
24
+ data_encryption_key.update(encrypted_key: new_encrypted_key)
25
+ encryptable.data_encryption_key.reload
20
26
 
21
- field_value_map.map do |field_name, value|
22
- encryptable.send("#{field_name}=".to_sym, value)
23
- end
27
+ field_value_map.map do |field_name, value|
28
+ encryptable.send("#{field_name}=".to_sym, value)
29
+ end
24
30
 
25
- ActiveRecord::Base.transaction do
26
31
  encryptable.save
27
- data_encryption_key.last_dek_rotation = DateTime.now
28
- data_encryption_key.save
32
+ data_encryption_key.update(last_dek_rotation: DateTime.now)
29
33
  end
30
34
 
31
35
  true
data/lib/portunus/tasks/rotate_keys.rake CHANGED
@@ -1,12 +1,16 @@
1
1
  namespace :portunus do
2
2
  desc "Rotate KEK keys, reencrypt the deks"
3
3
  task rotate_keks: :environment do
4
- scope = ::Portunus::DataEncryptionKey.
5
- where(
6
- "last_kek_rotation < ? or (created_at < ? and last_kek_rotation is null)",
7
- DateTime.now - ::Portunus.configuration.max_key_duration,
8
- DateTime.now - ::Portunus.configuration.max_key_duration
9
- )
4
+ if ENV["FORCE"] == "true"
5
+ scope = ::Portunus::DataEncryptionKey.all
6
+ else
7
+ scope = ::Portunus::DataEncryptionKey.
8
+ where(
9
+ "last_kek_rotation < ? or (created_at < ? and last_kek_rotation is null)",
10
+ DateTime.now - ::Portunus.configuration.max_key_duration,
11
+ DateTime.now - ::Portunus.configuration.max_key_duration
12
+ )
13
+ end
10
14
 
11
15
  scope.in_batches do |relation|
12
16
  relation.map do |encryption_key|
data/lib/portunus/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Portunus
2
- VERSION = "0.3.6"
2
+ VERSION = "0.3.7"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: portunus
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.6
4
+ version: 0.3.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Colin Petruno