sidekiq-encrypted_args 1.1.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8ca6bc1fc5d72297d12bd0f232a87d4ecaa25979c92eba55ea127822fad621c2
-  data.tar.gz: 869bb08e744fa7366e3115a9c1ad7fc8d2d3887a88bee0af7465b0d6b62f5490
+  metadata.gz: bcde4f8a47a8b5b7e5a4c0d6fe8f351a5d62ec8b9390caac4697359b7efe0912
+  data.tar.gz: 135e9fd5a910bf450812fa8406b25579857bcd320c93ea6b6660ce4242376650
 SHA512:
-  metadata.gz: 4fc68145cdcfdc34ee2a07cbfd18357a73de96ac5b14a03a4ff09de3376bbba0e501bff181cbda9c964fa79c8e492637e9c7b40c3c4a5cbb82d348bc72be2654
-  data.tar.gz: 75418905177a4bea81d7995967d24dbcdb500b4ca6dcf6d528110676569e87dd857b33c04b3fd4aa821cc3200d956b9cd8de037730f08efeebca1cdc60e18378
+  metadata.gz: 1cb7e169a1dd94f2c081e75147a467984d1e9d0457ca0337b44a8b6cfd4db5e6217a1d41261f52f7a81ed1f9dbcfa837a7ef1d9a4498d694472e4df43289f321
+  data.tar.gz: e238bdd98f374db76e6363b46abd0b8ea2269723d780e30e8150fbb9aca958410fb759f12148abae4ffd418323fa58005b6229ed063db1bbbe02d59cd916e9e0

data/CHANGE_LOG.md

@@ -1,24 +1,58 @@
-# Change Log
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## 1.2.0
+
+### Removed
+
+- Removed deprecated method of setting encrypted args with a hash with numeric keys. This method stopped working with Sidekiq 7.1.
+- Removed deprecated method of setting encrypted args with an array of booleans.
+- Removed deprecated method of setting encrypted args with a mix of symbols and integers.
+
+## 1.1.1
+
+### Fixed
+
+- Client middleware will no longer encrypt already encrypted arguments when a job is retried.
 
 ## 1.1.0
 
-* Use `to_json` if it is defined when serializing encrypted args to JSON.
-* Add client middleware to the server default configuration. This ensures that arguments will be encrypted if a worker enqueues a job with encrypted arguments.
-* Client middleware now reads sidekiq options from the job hash instead of from the worker class so that the list of encrypted arguments is always in sync on the job payload.
-* Don't blow up if class name that is not defined is passed to client middleware.
-* Added additional option to specify encrypted args with array of argument indexes.
-* Deprecated setting encrypted args as hash or array of booleans.
-* Client middleware is prepended while server middleware is appended.
+### Added
+
+- Use `to_json` if it is defined when serializing encrypted args to JSON.
+- Add client middleware to the server default configuration. This ensures that arguments will be encrypted if a worker enqueues a job with encrypted arguments.
+- Client middleware now reads sidekiq options from the job hash instead of from the worker class so that the list of encrypted arguments is always in sync on the job payload.
+- Added additional option to specify encrypted args with array of argument indexes.
+
+### Changed
+
+- Client middleware is now prepended while server middleware is appended.
+
+### Fixed
+
+- Don't raise error if undefined class name is passed to client middleware as a string.
+
+### Deprecated
+
+- Deprecated setting encrypted args as hash or array of booleans.
 
 ## 1.0.2
 
-* Remove overly noisy log warning when running without the secret set
+### Changed
+
+- Remove overly noisy log warning when running without the secret set
 
 ## 1.0.1
 
-* Now works with scheduled jobs
-  * Scheduled jobs dispatch by class name instead of `Class`, requiring a constant lookup
+### Fixed
+
+- Added support for scheduled jobs
 
 ## 1.0.0
 
-* Initial release
+### Added
+
+- Initial release

data/README.md

@@ -1,8 +1,8 @@
 # Sidekiq Encrypted Args
 
-[![Continuous Integration](https://github.com/bdurand/sidekiq-encrypted_args/workflows/Continuous%20Integration/badge.svg?branch=master)](https://github.com/bdurand/sidekiq-encrypted_args/actions?query=workflow%3A%22Continuous+Integration%22)
-[![Maintainability](https://api.codeclimate.com/v1/badges/70ab3782e4d5285eb173/maintainability)](https://codeclimate.com/github/bdurand/sidekiq-encrypted_args/maintainability)
+[![Continuous Integration](https://github.com/bdurand/sidekiq-encrypted_args/actions/workflows/continuous_integration.yml/badge.svg)](https://github.com/bdurand/sidekiq-encrypted_args/actions/workflows/continuous_integration.yml)
 [![Ruby Style Guide](https://img.shields.io/badge/code_style-standard-brightgreen.svg)](https://github.com/testdouble/standard)
+[![Gem Version](https://badge.fury.io/rb/sidekiq-encrypted_args.svg)](https://badge.fury.io/rb/sidekiq-encrypted_args)
 
 Support for encrypting arguments for [Sidekiq](https://github.com/mperham/sidekiq).
 
@@ -106,3 +106,31 @@ You can also safely add encryption to an existing worker. Any jobs that are alre
 ## Encryption
 
 Encrypted arguments are stored using AES-256-GCM with a key derived from your secret using PBKDF2. For more info on the underlying encryption, refer to the [SecretKeys](https://github.com/bdurand/secret_keys) gem.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem "sidekiq-encrypted_args"
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install sidekiq-encrypted_args
+```
+
+## Contributing
+
+Open a pull request on GitHub.
+
+Please use the [standardrb](https://github.com/testdouble/standard) syntax and lint your code with `standardrb --fix` before submitting.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/VERSION

@@ -1 +1 @@
-1.1.0
+1.2.0

data/lib/sidekiq/encrypted_args/client_middleware.rb

@@ -4,6 +4,11 @@ module Sidekiq
   module EncryptedArgs
     # Sidekiq client middleware for encrypting arguments on jobs for workers
     # with `encrypted_args` set in the `sidekiq_options`.
+    #
+    # This middleware is responsible for encrypting job arguments before they
+    # are sent to Redis. It runs on the client side when jobs are enqueued.
+    #
+    # @see ServerMiddleware
     class ClientMiddleware
       # Encrypt specified arguments before they're sent off to the queue
       def call(worker_class, job, queue, redis_pool = nil)
@@ -21,14 +26,14 @@ module Sidekiq
       #
       # Additionally, set `job["encrypted_args"]` to the canonicalized version (i.e. `Array<Integer>`)
       #
-      # @param [Hash]
+      # @param [Hash] job The Sidekiq job hash containing arguments and metadata
       # @param [Array<Integer>] encrypted_args array of indexes in job to encrypt
       # @return [void]
       def encrypt_job_arguments!(job, encrypted_args)
         if encrypted_args
           job_args = job["args"]
           job_args.each_with_index do |value, position|
-            if encrypted_args.include?(position)
+            if encrypted_args.include?(position) && !EncryptedArgs.encrypted?(value)
               job_args[position] = EncryptedArgs.encrypt(value)
             end
           end

data/lib/sidekiq/encrypted_args/server_middleware.rb

@@ -3,6 +3,12 @@
 module Sidekiq
   module EncryptedArgs
     # Sidekiq server middleware for decrypting arguments on jobs that have encrypted args.
+    #
+    # This middleware is responsible for decrypting job arguments before they
+    # are passed to the worker's perform method. It runs on the server side
+    # when jobs are processed.
+    #
+    # @see ClientMiddleware
     class ServerMiddleware
       # Wrap the server process to decrypt incoming arguments
       def call(worker, job, queue)

data/lib/sidekiq/encrypted_args.rb

@@ -5,6 +5,11 @@ require "secret_keys"
 require "sidekiq"
 
 module Sidekiq
+  # Provides middleware for encrypting sensitive arguments in Sidekiq jobs.
+  #
+  # This module allows you to specify which job arguments should be encrypted
+  # in Redis to protect sensitive information like API keys, passwords, or
+  # personally identifiable information.
   module EncryptedArgs
     # Error thrown when the secret is invalid
     class InvalidSecretError < StandardError
@@ -25,18 +30,31 @@ module Sidekiq
       # when decrypting the arguments when the job gets run. If you are using the
       # environment variable, separate the keys with spaces.
       #
-      # @param [String] value One or more secrets to use for encrypting arguments.
+      # @example Setting a single secret
+      #   Sidekiq::EncryptedArgs.secret = "your_secret_key"
+      #
+      # @example Rolling secrets (multiple keys for backward compatibility)
+      #   Sidekiq::EncryptedArgs.secret = ["new_secret", "old_secret", "older_secret"]
+      #
+      # @param [String, Array<String>] value One or more secrets to use for encrypting arguments.
       # @return [void]
       def secret=(value)
         @encryptors = make_encryptors(value)
       end
 
-      # Add the client and server middleware to the Sidekiq
+      # Add the client and server middleware to the default Sidekiq
       # middleware chains. If you need to ensure the order of where the middleware is
       # added, you can forgo this method and add it yourself.
       #
       # This method prepends client middleware and appends server middleware.
       #
+      # @example Basic configuration
+      #   Sidekiq::EncryptedArgs.configure!(secret: "your_secret_key")
+      #
+      # @example Configuration using environment variable
+      #   ENV['SIDEKIQ_ENCRYPTED_ARGS_SECRET'] = "your_secret_key"
+      #   Sidekiq::EncryptedArgs.configure!
+      #
       # @param [String] secret optionally set the secret here. See {.secret=}
       def configure!(secret: nil)
         self.secret = secret unless secret.nil?
@@ -59,11 +77,18 @@ module Sidekiq
 
       # Encrypt a value.
       #
+      # @example Encrypting a simple value
+      #   EncryptedArgs.encrypt("secret_value") #=> "encrypted_string"
+      #
+      # @example Encrypting complex data
+      #   EncryptedArgs.encrypt({api_key: "secret", user_id: 123}) #=> "encrypted_string"
+      #
       # @param [#to_json, Object] data Data to encrypt. You can pass any JSON compatible data types or structures.
       #
       # @return [String]
       def encrypt(data)
         return nil if data.nil?
+
         json = (data.respond_to?(:to_json) ? data.to_json : JSON.generate(data))
         encrypted = encrypt_string(json)
         if encrypted == json
@@ -75,6 +100,12 @@ module Sidekiq
 
       # Decrypt data
       #
+      # @example Decrypting an encrypted value
+      #   EncryptedArgs.decrypt("encrypted_string") #=> "original_value"
+      #
+      # @example Handling unencrypted data
+      #   EncryptedArgs.decrypt("unencrypted_string") #=> "unencrypted_string"
+      #
       # @param [String] encrypted_data Data that was previously encrypted. If the value passed in is
       # an unencrypted string, then the string itself will be returned.
       #
@@ -85,6 +116,13 @@ module Sidekiq
         JSON.parse(json)
       end
 
+      # Check if a value is encrypted.
+      #
+      # @return [Boolean]
+      def encrypted?(value)
+        SecretKeys::Encryptor.encrypted?(value)
+      end
+
       # Private helper method to get the encrypted args option from an options hash. The value of this option
       # can be `true` or an array indicating if each positional argument should be encrypted, or a hash
       # with keys for the argument position and true as the value.
@@ -99,11 +137,9 @@ module Sidekiq
         if option == true
           job["args"].size.times { |i| indexes << i }
         elsif option.is_a?(Hash)
-          deprecation_warning("hash")
-          indexes = replace_argument_positions(worker_class, option)
+          raise ArgumentError.new("Hash-based argument encryption is no longer supported.")
         else
           array_type = nil
-          deprecation_message = nil
           Array(option).each_with_index do |val, position|
             current_type = nil
             if val.is_a?(Integer)
@@ -115,16 +151,15 @@ module Sidekiq
               indexes << position if position
               current_type = :symbol
             else
-              deprecation_message = "boolean array"
-              indexes << position if val
+              raise ArgumentError.new("Encrypted args must be specified as integers or symbols.")
             end
+
             if array_type && current_type
-              deprecation_message = "array of mixed types"
+              raise ArgumentError.new("Encrypted args cannot mix integers and symbols.")
             else
               array_type ||= current_type
             end
           end
-          deprecation_warning(deprecation_message) if deprecation_message
         end
         indexes
       end
@@ -164,10 +199,6 @@ module Sidekiq
         Array(secrets).map { |val| val.nil? ? nil : SecretKeys::Encryptor.from_password(val, SALT) }
       end
 
-      def deprecation_warning(message)
-        warn("Sidekiq::EncryptedArgs: setting encrypted_args to #{message} is deprecated; support will be removed in version 1.2.")
-      end
-
       # @param [String] class_name name of a class
       # @return [Class] class that was referenced by name
       def constantize(class_name)
@@ -183,11 +214,12 @@ module Sidekiq
         encrypted_indexes = []
         encrypt_option_hash.each do |key, value|
           next unless value
-          if key.is_a?(Symbol) || key.is_a?(String)
+
+          if key.is_a?(Integer) || (key.is_a?(String) && key.match?(INTEGER_PATTERN))
+            encrypted_indexes << key.to_i
+          elsif key.is_a?(Symbol) || key.is_a?(String)
             position = perform_method_parameter_index(worker_class, key)
             encrypted_indexes << position if position
-          elsif key.is_a?(Integer)
-            encrypted_indexes << key
           end
         end
         encrypted_indexes

data/sidekiq-encrypted_args.gemspec

@@ -8,6 +8,12 @@ Gem::Specification.new do |spec|
   spec.homepage = "https://github.com/bdurand/sidekiq-encrypted_args"
   spec.license = "MIT"
 
+  spec.metadata = {
+    "homepage_uri" => spec.homepage,
+    "source_code_uri" => spec.homepage,
+    "changelog_uri" => "#{spec.homepage}/blob/main/CHANGE_LOG.md"
+  }
+
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
   ignore_files = %w[

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sidekiq-encrypted_args
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Brian Durand
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-06-15 00:00:00.000000000 Z
+date: 2025-08-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sidekiq
@@ -75,7 +75,10 @@ files:
 homepage: https://github.com/bdurand/sidekiq-encrypted_args
 licenses:
 - MIT
-metadata: {}
+metadata:
+  homepage_uri: https://github.com/bdurand/sidekiq-encrypted_args
+  source_code_uri: https://github.com/bdurand/sidekiq-encrypted_args
+  changelog_uri: https://github.com/bdurand/sidekiq-encrypted_args/blob/main/CHANGE_LOG.md
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -91,7 +94,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.4.10
 signing_key:
 specification_version: 4
 summary: Support for encrypting arguments that contain sensitive information in sidekiq