sidekiq-encrypted_args 1.1.1 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGE_LOG.md +17 -2
- data/README.md +2 -1
- data/VERSION +1 -1
- data/lib/sidekiq/encrypted_args/client_middleware.rb +6 -1
- data/lib/sidekiq/encrypted_args/server_middleware.rb +6 -0
- data/lib/sidekiq/encrypted_args.rb +39 -15
- data/sidekiq-encrypted_args.gemspec +6 -0
- metadata +7 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bcde4f8a47a8b5b7e5a4c0d6fe8f351a5d62ec8b9390caac4697359b7efe0912
|
|
4
|
+
data.tar.gz: 135e9fd5a910bf450812fa8406b25579857bcd320c93ea6b6660ce4242376650
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1cb7e169a1dd94f2c081e75147a467984d1e9d0457ca0337b44a8b6cfd4db5e6217a1d41261f52f7a81ed1f9dbcfa837a7ef1d9a4498d694472e4df43289f321
|
|
7
|
+
data.tar.gz: e238bdd98f374db76e6363b46abd0b8ea2269723d780e30e8150fbb9aca958410fb759f12148abae4ffd418323fa58005b6229ed063db1bbbe02d59cd916e9e0
|
data/CHANGE_LOG.md
CHANGED
|
@@ -4,40 +4,55 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
5
5
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
6
6
|
|
|
7
|
+
## 1.2.0
|
|
8
|
+
|
|
9
|
+
### Removed
|
|
10
|
+
|
|
11
|
+
- Removed deprecated method of setting encrypted args with a hash with numeric keys. This method stopped working with Sidekiq 7.1.
|
|
12
|
+
- Removed deprecated method of setting encrypted args with an array of booleans.
|
|
13
|
+
- Removed deprecated method of setting encrypted args with a mix of symbols and integers.
|
|
14
|
+
|
|
7
15
|
## 1.1.1
|
|
8
16
|
|
|
9
17
|
### Fixed
|
|
18
|
+
|
|
10
19
|
- Client middleware will no longer encrypt already encrypted arguments when a job is retried.
|
|
11
20
|
|
|
12
21
|
## 1.1.0
|
|
13
22
|
|
|
14
23
|
### Added
|
|
24
|
+
|
|
15
25
|
- Use `to_json` if it is defined when serializing encrypted args to JSON.
|
|
16
26
|
- Add client middleware to the server default configuration. This ensures that arguments will be encrypted if a worker enqueues a job with encrypted arguments.
|
|
17
27
|
- Client middleware now reads sidekiq options from the job hash instead of from the worker class so that the list of encrypted arguments is always in sync on the job payload.
|
|
18
28
|
- Added additional option to specify encrypted args with array of argument indexes.
|
|
19
29
|
|
|
20
30
|
### Changed
|
|
31
|
+
|
|
21
32
|
- Client middleware is now prepended while server middleware is appended.
|
|
22
33
|
|
|
23
34
|
### Fixed
|
|
35
|
+
|
|
24
36
|
- Don't raise error if undefined class name is passed to client middleware as a string.
|
|
25
37
|
|
|
26
38
|
### Deprecated
|
|
39
|
+
|
|
27
40
|
- Deprecated setting encrypted args as hash or array of booleans.
|
|
28
41
|
|
|
29
42
|
## 1.0.2
|
|
30
43
|
|
|
31
44
|
### Changed
|
|
45
|
+
|
|
32
46
|
- Remove overly noisy log warning when running without the secret set
|
|
33
47
|
|
|
34
48
|
## 1.0.1
|
|
35
49
|
|
|
36
|
-
### Added
|
|
37
|
-
|
|
38
50
|
### Fixed
|
|
51
|
+
|
|
39
52
|
- Added support for scheduled jobs
|
|
40
53
|
|
|
41
54
|
## 1.0.0
|
|
42
55
|
|
|
56
|
+
### Added
|
|
57
|
+
|
|
43
58
|
- Initial release
|
data/README.md
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
# Sidekiq Encrypted Args
|
|
2
2
|
|
|
3
|
-
[](https://github.com/bdurand/sidekiq-encrypted_args/actions/workflows/continuous_integration.yml)
|
|
4
4
|
[](https://github.com/testdouble/standard)
|
|
5
|
+
[](https://badge.fury.io/rb/sidekiq-encrypted_args)
|
|
5
6
|
|
|
6
7
|
Support for encrypting arguments for [Sidekiq](https://github.com/mperham/sidekiq).
|
|
7
8
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.2.0
|
|
@@ -4,6 +4,11 @@ module Sidekiq
|
|
|
4
4
|
module EncryptedArgs
|
|
5
5
|
# Sidekiq client middleware for encrypting arguments on jobs for workers
|
|
6
6
|
# with `encrypted_args` set in the `sidekiq_options`.
|
|
7
|
+
#
|
|
8
|
+
# This middleware is responsible for encrypting job arguments before they
|
|
9
|
+
# are sent to Redis. It runs on the client side when jobs are enqueued.
|
|
10
|
+
#
|
|
11
|
+
# @see ServerMiddleware
|
|
7
12
|
class ClientMiddleware
|
|
8
13
|
# Encrypt specified arguments before they're sent off to the queue
|
|
9
14
|
def call(worker_class, job, queue, redis_pool = nil)
|
|
@@ -21,7 +26,7 @@ module Sidekiq
|
|
|
21
26
|
#
|
|
22
27
|
# Additionally, set `job["encrypted_args"]` to the canonicalized version (i.e. `Array<Integer>`)
|
|
23
28
|
#
|
|
24
|
-
# @param [Hash]
|
|
29
|
+
# @param [Hash] job The Sidekiq job hash containing arguments and metadata
|
|
25
30
|
# @param [Array<Integer>] encrypted_args array of indexes in job to encrypt
|
|
26
31
|
# @return [void]
|
|
27
32
|
def encrypt_job_arguments!(job, encrypted_args)
|
|
@@ -3,6 +3,12 @@
|
|
|
3
3
|
module Sidekiq
|
|
4
4
|
module EncryptedArgs
|
|
5
5
|
# Sidekiq server middleware for decrypting arguments on jobs that have encrypted args.
|
|
6
|
+
#
|
|
7
|
+
# This middleware is responsible for decrypting job arguments before they
|
|
8
|
+
# are passed to the worker's perform method. It runs on the server side
|
|
9
|
+
# when jobs are processed.
|
|
10
|
+
#
|
|
11
|
+
# @see ClientMiddleware
|
|
6
12
|
class ServerMiddleware
|
|
7
13
|
# Wrap the server process to decrypt incoming arguments
|
|
8
14
|
def call(worker, job, queue)
|
|
@@ -5,6 +5,11 @@ require "secret_keys"
|
|
|
5
5
|
require "sidekiq"
|
|
6
6
|
|
|
7
7
|
module Sidekiq
|
|
8
|
+
# Provides middleware for encrypting sensitive arguments in Sidekiq jobs.
|
|
9
|
+
#
|
|
10
|
+
# This module allows you to specify which job arguments should be encrypted
|
|
11
|
+
# in Redis to protect sensitive information like API keys, passwords, or
|
|
12
|
+
# personally identifiable information.
|
|
8
13
|
module EncryptedArgs
|
|
9
14
|
# Error thrown when the secret is invalid
|
|
10
15
|
class InvalidSecretError < StandardError
|
|
@@ -25,7 +30,13 @@ module Sidekiq
|
|
|
25
30
|
# when decrypting the arguments when the job gets run. If you are using the
|
|
26
31
|
# environment variable, separate the keys with spaces.
|
|
27
32
|
#
|
|
28
|
-
# @
|
|
33
|
+
# @example Setting a single secret
|
|
34
|
+
# Sidekiq::EncryptedArgs.secret = "your_secret_key"
|
|
35
|
+
#
|
|
36
|
+
# @example Rolling secrets (multiple keys for backward compatibility)
|
|
37
|
+
# Sidekiq::EncryptedArgs.secret = ["new_secret", "old_secret", "older_secret"]
|
|
38
|
+
#
|
|
39
|
+
# @param [String, Array<String>] value One or more secrets to use for encrypting arguments.
|
|
29
40
|
# @return [void]
|
|
30
41
|
def secret=(value)
|
|
31
42
|
@encryptors = make_encryptors(value)
|
|
@@ -37,6 +48,13 @@ module Sidekiq
|
|
|
37
48
|
#
|
|
38
49
|
# This method prepends client middleware and appends server middleware.
|
|
39
50
|
#
|
|
51
|
+
# @example Basic configuration
|
|
52
|
+
# Sidekiq::EncryptedArgs.configure!(secret: "your_secret_key")
|
|
53
|
+
#
|
|
54
|
+
# @example Configuration using environment variable
|
|
55
|
+
# ENV['SIDEKIQ_ENCRYPTED_ARGS_SECRET'] = "your_secret_key"
|
|
56
|
+
# Sidekiq::EncryptedArgs.configure!
|
|
57
|
+
#
|
|
40
58
|
# @param [String] secret optionally set the secret here. See {.secret=}
|
|
41
59
|
def configure!(secret: nil)
|
|
42
60
|
self.secret = secret unless secret.nil?
|
|
@@ -59,6 +77,12 @@ module Sidekiq
|
|
|
59
77
|
|
|
60
78
|
# Encrypt a value.
|
|
61
79
|
#
|
|
80
|
+
# @example Encrypting a simple value
|
|
81
|
+
# EncryptedArgs.encrypt("secret_value") #=> "encrypted_string"
|
|
82
|
+
#
|
|
83
|
+
# @example Encrypting complex data
|
|
84
|
+
# EncryptedArgs.encrypt({api_key: "secret", user_id: 123}) #=> "encrypted_string"
|
|
85
|
+
#
|
|
62
86
|
# @param [#to_json, Object] data Data to encrypt. You can pass any JSON compatible data types or structures.
|
|
63
87
|
#
|
|
64
88
|
# @return [String]
|
|
@@ -76,6 +100,12 @@ module Sidekiq
|
|
|
76
100
|
|
|
77
101
|
# Decrypt data
|
|
78
102
|
#
|
|
103
|
+
# @example Decrypting an encrypted value
|
|
104
|
+
# EncryptedArgs.decrypt("encrypted_string") #=> "original_value"
|
|
105
|
+
#
|
|
106
|
+
# @example Handling unencrypted data
|
|
107
|
+
# EncryptedArgs.decrypt("unencrypted_string") #=> "unencrypted_string"
|
|
108
|
+
#
|
|
79
109
|
# @param [String] encrypted_data Data that was previously encrypted. If the value passed in is
|
|
80
110
|
# an unencrypted string, then the string itself will be returned.
|
|
81
111
|
#
|
|
@@ -107,11 +137,9 @@ module Sidekiq
|
|
|
107
137
|
if option == true
|
|
108
138
|
job["args"].size.times { |i| indexes << i }
|
|
109
139
|
elsif option.is_a?(Hash)
|
|
110
|
-
|
|
111
|
-
indexes = replace_argument_positions(worker_class, option)
|
|
140
|
+
raise ArgumentError.new("Hash-based argument encryption is no longer supported.")
|
|
112
141
|
else
|
|
113
142
|
array_type = nil
|
|
114
|
-
deprecation_message = nil
|
|
115
143
|
Array(option).each_with_index do |val, position|
|
|
116
144
|
current_type = nil
|
|
117
145
|
if val.is_a?(Integer)
|
|
@@ -123,16 +151,15 @@ module Sidekiq
|
|
|
123
151
|
indexes << position if position
|
|
124
152
|
current_type = :symbol
|
|
125
153
|
else
|
|
126
|
-
|
|
127
|
-
indexes << position if val
|
|
154
|
+
raise ArgumentError.new("Encrypted args must be specified as integers or symbols.")
|
|
128
155
|
end
|
|
156
|
+
|
|
129
157
|
if array_type && current_type
|
|
130
|
-
|
|
158
|
+
raise ArgumentError.new("Encrypted args cannot mix integers and symbols.")
|
|
131
159
|
else
|
|
132
160
|
array_type ||= current_type
|
|
133
161
|
end
|
|
134
162
|
end
|
|
135
|
-
deprecation_warning(deprecation_message) if deprecation_message
|
|
136
163
|
end
|
|
137
164
|
indexes
|
|
138
165
|
end
|
|
@@ -172,10 +199,6 @@ module Sidekiq
|
|
|
172
199
|
Array(secrets).map { |val| val.nil? ? nil : SecretKeys::Encryptor.from_password(val, SALT) }
|
|
173
200
|
end
|
|
174
201
|
|
|
175
|
-
def deprecation_warning(message)
|
|
176
|
-
warn("Sidekiq::EncryptedArgs: setting encrypted_args to #{message} is deprecated; support will be removed in version 1.2.")
|
|
177
|
-
end
|
|
178
|
-
|
|
179
202
|
# @param [String] class_name name of a class
|
|
180
203
|
# @return [Class] class that was referenced by name
|
|
181
204
|
def constantize(class_name)
|
|
@@ -191,11 +214,12 @@ module Sidekiq
|
|
|
191
214
|
encrypted_indexes = []
|
|
192
215
|
encrypt_option_hash.each do |key, value|
|
|
193
216
|
next unless value
|
|
194
|
-
|
|
217
|
+
|
|
218
|
+
if key.is_a?(Integer) || (key.is_a?(String) && key.match?(INTEGER_PATTERN))
|
|
219
|
+
encrypted_indexes << key.to_i
|
|
220
|
+
elsif key.is_a?(Symbol) || key.is_a?(String)
|
|
195
221
|
position = perform_method_parameter_index(worker_class, key)
|
|
196
222
|
encrypted_indexes << position if position
|
|
197
|
-
elsif key.is_a?(Integer)
|
|
198
|
-
encrypted_indexes << key
|
|
199
223
|
end
|
|
200
224
|
end
|
|
201
225
|
encrypted_indexes
|
|
@@ -8,6 +8,12 @@ Gem::Specification.new do |spec|
|
|
|
8
8
|
spec.homepage = "https://github.com/bdurand/sidekiq-encrypted_args"
|
|
9
9
|
spec.license = "MIT"
|
|
10
10
|
|
|
11
|
+
spec.metadata = {
|
|
12
|
+
"homepage_uri" => spec.homepage,
|
|
13
|
+
"source_code_uri" => spec.homepage,
|
|
14
|
+
"changelog_uri" => "#{spec.homepage}/blob/main/CHANGE_LOG.md"
|
|
15
|
+
}
|
|
16
|
+
|
|
11
17
|
# Specify which files should be added to the gem when it is released.
|
|
12
18
|
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
|
|
13
19
|
ignore_files = %w[
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sidekiq-encrypted_args
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Brian Durand
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2025-08-30 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: sidekiq
|
|
@@ -75,7 +75,10 @@ files:
|
|
|
75
75
|
homepage: https://github.com/bdurand/sidekiq-encrypted_args
|
|
76
76
|
licenses:
|
|
77
77
|
- MIT
|
|
78
|
-
metadata:
|
|
78
|
+
metadata:
|
|
79
|
+
homepage_uri: https://github.com/bdurand/sidekiq-encrypted_args
|
|
80
|
+
source_code_uri: https://github.com/bdurand/sidekiq-encrypted_args
|
|
81
|
+
changelog_uri: https://github.com/bdurand/sidekiq-encrypted_args/blob/main/CHANGE_LOG.md
|
|
79
82
|
post_install_message:
|
|
80
83
|
rdoc_options: []
|
|
81
84
|
require_paths:
|
|
@@ -91,7 +94,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
91
94
|
- !ruby/object:Gem::Version
|
|
92
95
|
version: '0'
|
|
93
96
|
requirements: []
|
|
94
|
-
rubygems_version: 3.
|
|
97
|
+
rubygems_version: 3.4.10
|
|
95
98
|
signing_key:
|
|
96
99
|
specification_version: 4
|
|
97
100
|
summary: Support for encrypting arguments that contain sensitive information in sidekiq
|