portunus 0.3.6 → 0.3.7
- checksums.yaml +4 -4
- data/lib/portunus/rotators/dek.rb +14 -10
- data/lib/portunus/tasks/rotate_keys.rake +10 -6
- data/lib/portunus/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 55b4d7fa50d9b1784676c0cafbf30617b9eefa4fc441c2a6eb6db96b64b5a953
|
4
|
+
data.tar.gz: 647f2b1b543b9bd490d39e39d39d8178ab44a45f90a0b44aee1ffa7eacfa09ec
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b2bcd7c135f15758e05ebe0c94a3cd8b88b944db67440c0d2f535cb76af0aa8829ed89048e0b28fc9f354209b3235ffeb6679cf3ec4ede699a60861dd441934b
|
7
|
+
data.tar.gz: 1b16cfedbe5fa06809416e4f439612216ec9e08c221f44ca9c8b4af80d0a3b5729536d77e54486c8e53afd8fe7861d09381ccec361949c7a65fa46e39922cc5d
|
@@ -12,20 +12,24 @@ module Portunus
|
|
12
12
|
def rotate
|
13
13
|
encryptable = data_encryption_key.encryptable
|
14
14
|
|
15
|
-
|
16
|
-
|
17
|
-
|
15
|
+
Rails.logger.debug(
|
16
|
+
"Rotating Encryptable: #{encryptable.class}, id: #{encryptable.id}"
|
17
|
+
)
|
18
|
+
|
19
|
+
ActiveRecord::Base.transaction do
|
20
|
+
encryptable.class.encrypted_fields_list.map do |field_name|
|
21
|
+
field_value_map[field_name.to_sym] = encryptable.send(field_name.to_sym)
|
22
|
+
end
|
18
23
|
|
19
|
-
|
24
|
+
data_encryption_key.update(encrypted_key: new_encrypted_key)
|
25
|
+
encryptable.data_encryption_key.reload
|
20
26
|
|
21
|
-
|
22
|
-
|
23
|
-
|
27
|
+
field_value_map.map do |field_name, value|
|
28
|
+
encryptable.send("#{field_name}=".to_sym, value)
|
29
|
+
end
|
24
30
|
|
25
|
-
ActiveRecord::Base.transaction do
|
26
31
|
encryptable.save
|
27
|
-
data_encryption_key.last_dek_rotation
|
28
|
-
data_encryption_key.save
|
32
|
+
data_encryption_key.update(last_dek_rotation: DateTime.now)
|
29
33
|
end
|
30
34
|
|
31
35
|
true
|
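Review bot: Inside the new `ActiveRecord::Base.transaction` block the non-bang `update` and `save` calls return false on a validation failure rather than raising, so the transaction does not roll back and `rotate` still reaches `true`. If `data_encryption_key.update(encrypted_key: new_encrypted_key)` succeeds and `encryptable.save` then fails, the stored key is replaced while the fields are presumably still encrypted under the old one, which would leave the record undecryptable. Use the raising variants so any failure aborts the whole rotation: `data_encryption_key.update!(encrypted_key: new_encrypted_key)`, `encryptable.save!` and `data_encryption_key.update!(last_dek_rotation: DateTime.now)`. `field_value_map` and `new_encrypted_key` are defined outside the hunk, and the end of `rotate` is not visible here.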
@@ -1,12 +1,16 @@
|
|
1
1
|
namespace :portunus do
|
2
2
|
desc "Rotate KEK keys, reencrypt the deks"
|
3
3
|
task rotate_keks: :environment do
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
4
|
+
if ENV["FORCE"] == "true"
|
5
|
+
scope = ::Portunus::DataEncryptionKey.all
|
6
|
+
else
|
7
|
+
scope = ::Portunus::DataEncryptionKey.
|
8
|
+
where(
|
9
|
+
"last_kek_rotation < ? or (created_at < ? and last_kek_rotation is null)",
|
10
|
+
DateTime.now - ::Portunus.configuration.max_key_duration,
|
11
|
+
DateTime.now - ::Portunus.configuration.max_key_duration
|
12
|
+
)
|
13
|
+
end
|
10
14
|
|
11
15
|
scope.in_batches do |relation|
|
12
16
|
relation.map do |encryption_key|
|
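Review bot: The `ENV["FORCE"] == "true"` test at the top of `rotate_keks` falls through to the age-based scope for any other spelling (`FORCE=1`, `FORCE=TRUE`), and nothing in the visible lines reports which scope was chosen. An operator forcing a rotation after a suspected KEK exposure could therefore believe every DEK was re-encrypted when only the expired ones were. I would log the selection before the batch loop, e.g. `Rails.logger.info("rotate_keks: FORCE=#{ENV['FORCE'].inspect}, keys selected=#{scope.count}")`, and mention FORCE in the `desc` string. The cutoff is also computed twice; assigning `cutoff = DateTime.now - ::Portunus.configuration.max_key_duration` once keeps both placeholders on the same instant. The task body continues past the end of the hunk.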
data/lib/portunus/version.rb
CHANGED