sidekiq-field-encryptor 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 204c8e1c027462e1fd8b44117a1e2a7953f3f793
+  data.tar.gz: 5d0f753a7031408d647d9508def52146c4d8609a
+SHA512:
+  metadata.gz: 86b140ff56fc6cb4d3baf1901fb42b8f34a2bc2f0955280b497b3956c83d6505ae00df0da5057aa8d75ff7dc32952cb8b09baa24317320e03744252d80f2762f
+  data.tar.gz: 9904d3395415ad5c0697e86c238273a17d85dda7717f7de28e53878edf59038960b7dfba9b9c7b954b3c6dffac054f7406c0887f39bcec344927bb79da3ce563

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.idea
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format documentation

data/.travis.yml

@@ -0,0 +1,4 @@
+rvm:
+  - "2.1"
+  - 2.0.0
+  - jruby

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in sidekiq-field-encryptor.gemspec
+gemspec

data/LICENSE.md

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Aptible, Inc.
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,32 @@
+# ![](https://raw.github.com/aptible/straptible/master/lib/straptible/rails/templates/public.api/icon-60px.png) Sidekiq::Field::Encryptor
+
+[![Gem Version](https://badge.fury.io/rb/sidekiq-field-encryptor.png)](https://rubygems.org/gems/sidekiq-field-encryptor)
+[![Build Status](https://travis-ci.org/aptible/sidekiq-field-encryptor.png?branch=master)](https://travis-ci.org/aptible/sidekiq-field-encryptor)
+[![Dependency Status](https://gemnasium.com/aptible/sidekiq-field-encryptor.png)](https://gemnasium.com/aptible/sidekiq-field-encryptor)
+
+TODO: Add description.
+
+## Installation
+
+Add the following line to your application's Gemfile.
+
+    gem 'sidekiq-field-encryptor'
+
+And then run `bundle install`.
+
+## Usage
+
+TODO: Add usage notes.
+
+## Contributing
+
+1. Fork the project.
+1. Commit your changes, with specs.
+1. Ensure that your code passes specs (`rake spec`) and meets Aptible's Ruby style guide (`rake rubocop`).
+1. Create a new pull request on GitHub.
+
+## Copyright and License
+
+MIT License, see [LICENSE](LICENSE.md) for details.
+
+Copyright (c) 2015 [Aptible](https://www.aptible.com), Blake Pettersson, and contributors.

data/Rakefile

@@ -0,0 +1,4 @@
+require 'bundler/gem_tasks'
+
+require 'aptible/tasks'
+Aptible::Tasks.load_tasks

data/lib/sidekiq-field-encryptor.rb

@@ -0,0 +1,2 @@
+require 'sidekiq-field-encryptor/version'
+require 'sidekiq-field-encryptor/encryptor'

data/lib/sidekiq-field-encryptor/encryptor.rb

@@ -0,0 +1,64 @@
+require 'base64'
+require 'encryptor'
+require 'sidekiq-field-encryptor/version'
+
+module SidekiqFieldEncryptor
+  class Base
+    def initialize(options = {})
+      @encryption_key = options[:encryption_key]
+      @encrypted_fields = options[:encrypted_fields] || {}
+    end
+
+    def assert_key_configured
+      fail 'Encryption key not configured' if @encryption_key.nil?
+    end
+
+    def encrypt(value)
+      plaintext = Marshal.dump(value)
+      iv = OpenSSL::Cipher::Cipher.new('aes-256-cbc').random_iv
+      args = { key: @encryption_key, iv: iv }
+      ciphertext = ::Encryptor.encrypt(plaintext, **args)
+      [::Base64.encode64(ciphertext), ::Base64.encode64(iv)]
+    end
+
+    def decrypt(encrypted)
+      ciphertext, iv = encrypted.map { |value| ::Base64.decode64(value) }
+      args = { key: @encryption_key, iv: iv }
+      plaintext = ::Encryptor.decrypt(ciphertext, **args)
+      Marshal.load(plaintext)
+    end
+
+    def process_message(message)
+      fields = @encrypted_fields[message['class']]
+      return unless fields
+      assert_key_configured
+      message['args'].size.times.each do |arg_index|
+        to_encrypt = fields[arg_index]
+        next unless to_encrypt
+        raw_value = message['args'][arg_index]
+        if to_encrypt == true
+          message['args'][arg_index] = yield(raw_value)
+        elsif to_encrypt.is_a?(Array) && raw_value.is_a?(Hash)
+          message['args'][arg_index] = Hash[raw_value.map do |key, value|
+            value = yield(value) if to_encrypt.member?(key.to_s)
+            [key, value]
+          end]
+        end
+      end
+    end
+  end
+
+  class Client < Base
+    def call(_, message, _, _)
+      process_message(message) { |value| encrypt(value) }
+      yield
+    end
+  end
+
+  class Server < Base
+    def call(_, message, _)
+      process_message(message) { |value| decrypt(value) }
+      yield
+    end
+  end
+end

data/lib/sidekiq-field-encryptor/version.rb

@@ -0,0 +1,3 @@
+module SidekiqFieldEncryptor
+  VERSION = '0.1.0'
+end

data/sidekiq-field-encryptor.gemspec

@@ -0,0 +1,28 @@
+# encoding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+require 'English'
+require 'sidekiq-field-encryptor/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'sidekiq-field-encryptor'
+  spec.version       = SidekiqFieldEncryptor::VERSION
+  spec.authors       = ['Blake Pettersson']
+  spec.email         = ['blake@aptible.com']
+  spec.description   = 'Selectively encrypt fields in Sidekiq'
+  spec.summary       = 'Selectively encrypt fields sent into Sidekiq'
+  spec.homepage      = 'https://github.com/aptible/sidekiq-field-encryptor'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files`.split($RS)
+  spec.test_files    = spec.files.grep(%r{^spec/})
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'encryptor'
+
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'aptible-tasks'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec'
+end

data/spec/sidekiq-field-encryptor/encryptor_spec.rb

@@ -0,0 +1,75 @@
+require 'spec_helper'
+
+describe SidekiqFieldEncryptor::Client do
+  let(:key) { OpenSSL::Cipher::Cipher.new('aes-256-cbc').random_key }
+  let(:message) do
+    { 'class' => 'FooJob', 'args' => [1, 2, { 'a' => 'A', 'b' => 'B' }] }
+  end
+
+  describe 'with no encryption key' do
+    it "doesn't fail when encryption isn't attempted" do
+      subject.call('FooJob', message, nil, nil) {}
+    end
+    it 'fails when encryption is attempted' do
+      client = SidekiqFieldEncryptor::Client.new(
+        encrypted_fields: { 'FooJob' => { 1 => true } })
+      expect { client.call('FooJob', message, nil, nil) {} }
+        .to raise_error('Encryption key not configured')
+    end
+  end
+
+  describe 'with an encryption key' do
+    subject do
+      SidekiqFieldEncryptor::Client.new(
+        encryption_key: key,
+        encrypted_fields: {
+          'FooJob' => { 1 => true, 2 => %w(b d) }
+        })
+    end
+
+    it 'encrypts only fields specified by the encryption config' do
+      subject.call('FooJob', message, nil, nil) {}
+      expect(message['args'][0]).to eq(1)
+      expect(subject.decrypt(message['args'][1])).to eq(2)
+      expect(message['args'][2]['a']).to eq('A')
+      expect(subject.decrypt(message['args'][2]['b'])).to eq('B')
+    end
+  end
+end
+
+describe SidekiqFieldEncryptor::Server do
+  let(:key) { OpenSSL::Cipher::Cipher.new('aes-256-cbc').random_key }
+  let(:message) do
+    { 'class' => 'FooJob', 'args' => [1, 2, { 'a' => 'A', 'b' => 'B' }] }
+  end
+
+  describe 'with no encryption key' do
+    it "doesn't fail when decryption isn't attempted" do
+      subject.call('FooJob', message, nil) {}
+    end
+    it 'fails when decryption is attempted' do
+      server = SidekiqFieldEncryptor::Server.new(
+        encrypted_fields: { 'FooJob' => { 1 => true } })
+      expect { server.call('FooJob', message, nil) {} }
+        .to raise_error('Encryption key not configured')
+    end
+  end
+
+  describe 'with an encryption key' do
+    subject do
+      SidekiqFieldEncryptor::Server.new(
+        encryption_key: key,
+        encrypted_fields: {
+          'FooJob' => { 1 => true, 2 => %w(b d) }
+        })
+    end
+
+    it 'decrypts all fields specified by the encryption config' do
+      original_message = message.dup
+      message['args'][1] = subject.encrypt(message['args'][1])
+      message['args'][2]['b'] = subject.encrypt(message['args'][2]['b'])
+      subject.call('FooJob', message, nil) {}
+      expect(message).to eq(original_message)
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,10 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+
+# Load shared spec files
+Dir["#{File.dirname(__FILE__)}/shared/**/*.rb"].each do |file|
+  require file
+end
+
+# Require library up front
+require 'sidekiq-field-encryptor/encryptor'

metadata

@@ -0,0 +1,129 @@
+--- !ruby/object:Gem::Specification
+name: sidekiq-field-encryptor
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Blake Pettersson
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-09-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: encryptor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aptible-tasks
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Selectively encrypt fields in Sidekiq
+email:
+- blake@aptible.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .travis.yml
+- Gemfile
+- LICENSE.md
+- README.md
+- Rakefile
+- lib/sidekiq-field-encryptor.rb
+- lib/sidekiq-field-encryptor/encryptor.rb
+- lib/sidekiq-field-encryptor/version.rb
+- sidekiq-field-encryptor.gemspec
+- spec/sidekiq-field-encryptor/encryptor_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/aptible/sidekiq-field-encryptor
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: Selectively encrypt fields sent into Sidekiq
+test_files:
+- spec/sidekiq-field-encryptor/encryptor_spec.rb
+- spec/spec_helper.rb