sidekiq-field-encryptor 0.2.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c11c669792764e011bd552df7369298eaa77961b1e83c55047c172db8bce861e
-  data.tar.gz: 2d3604aa814fc4baa6b2597a16231348de41b5bb36efe3946ee7b3b6cfe2cf47
+  metadata.gz: 930fe1d92b017b2b44b2102082cf4775cd2285e553d1243569807212453c83ca
+  data.tar.gz: 66280ab60c4e52985dc36b29d37669d9a8576cfd66c1ba296230359eceae7d72
 SHA512:
-  metadata.gz: 6d7468111be23b540a4a3e1ed44771097902bef7a591a3c67ae0ad9a6a609402567f299f575eff127f3862f35d191c7c959d8cd44c618bc33a116031cff5d224
-  data.tar.gz: fb7827f9988d5ec43d124fcc9f08481cb4ebda5bfd5ddf80836c03cbef64e7954ef1db6a3efb485c2cd18f1856d5866324fd06d0f2b2010c7ca6a3e121a8f7ce
+  metadata.gz: ef8f4ec59c3ac5a6a99b5fc25bc9681727963c2ce29c7c1a5a06860bdb2872664e9a3fffb8930da405a34f30164162faaab4741edf717843742cdbb486daf408
+  data.tar.gz: 0bbaea48f3ea6b9ab97c4492454ee3148fb998d9f4c6f6207f87b22c47c28a6b5322c1ae70b510d60d7923117bdf53951f7c54f7393c54a4a47d5ae0e1d301ff

data/.github/CODEOWNERS

@@ -0,0 +1,2 @@
+*   @aguilinger
+*   @mdelaossa

data/.github/workflows/test.yml

@@ -0,0 +1,49 @@
+name: Tests
+
+on:
+  pull_request:
+    branches:
+      - main
+      - master
+  push:
+    branches:
+      - main
+      - master
+
+jobs:
+  test:
+    name: Test Ruby ${{ matrix.RUBY_VERSION }}
+    runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false
+      matrix:
+        RUBY_VERSION: ["2.6", "3.3"]
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Install Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.RUBY_VERSION }}
+          bundler-cache: true
+
+      - name: Run Lint
+        run: make lint
+
+      - name: Run Tests
+        run: make test
+
+  results:
+    if: ${{ always() }}
+    runs-on: ubuntu-latest
+    name: Final Results
+    needs: [test]
+    steps:
+      - run: exit 1
+        # see https://stackoverflow.com/a/67532120/4907315
+        if: >-
+          ${{
+               contains(needs.*.result, 'failure')
+            || contains(needs.*.result, 'cancelled')
+          }}

data/.rspec

@@ -1,2 +1,3 @@
 --color
---format documentation
+--format documentation
+--require spec_helper

data/.rubocop-https---raw-githubusercontent-com-aptible-dryer-lint-main--rubocop-base-yml

@@ -0,0 +1,380 @@
+require:
+  - rubocop-rspec
+
+Gemspec/DeprecatedAttributeAssignment:
+  Enabled: true
+
+Gemspec/RequireMFA:
+  Enabled: true
+
+Layout/LineContinuationLeadingSpace:
+  Enabled: true
+
+Layout/LineContinuationSpacing:
+  Enabled: true
+
+Layout/LineEndStringConcatenationIndentation:
+  Enabled: true
+
+Layout/SpaceBeforeBrackets:
+  Enabled: true
+
+Lint/AmbiguousAssignment:
+  Enabled: true
+
+Lint/AmbiguousOperatorPrecedence:
+  Enabled: true
+
+Lint/AmbiguousRange:
+  Enabled: true
+
+Lint/ConstantOverwrittenInRescue:
+  Enabled: true
+
+Lint/DeprecatedConstants:
+  Enabled: true
+
+Lint/DuplicateBranch:
+  Enabled: true
+
+Lint/DuplicateMagicComment:
+  Enabled: true
+
+Lint/DuplicateRegexpCharacterClassElement:
+  Enabled: true
+
+Lint/EmptyBlock:
+  Enabled: false
+
+Lint/EmptyClass:
+  Enabled: true
+
+Lint/EmptyInPattern:
+  Enabled: true
+
+Lint/IncompatibleIoSelectWithFiberScheduler:
+  Enabled: true
+
+Lint/LambdaWithoutLiteralBlock:
+  Enabled: true
+
+Lint/NoReturnInBeginEndBlocks:
+  Enabled: true
+
+Lint/NonAtomicFileOperation:
+  Enabled: true
+
+Lint/NumberedParameterAssignment:
+  Enabled: true
+
+Lint/OrAssignmentToConstant:
+  Enabled: true
+
+Lint/RedundantDirGlobSort:
+  Enabled: true
+
+Lint/RefinementImportMethods:
+  Enabled: true
+
+Lint/RequireRangeParentheses:
+  Enabled: true
+
+Lint/RequireRelativeSelfPath:
+  Enabled: true
+
+Lint/SymbolConversion:
+  Enabled: true
+
+Lint/ToEnumArguments:
+  Enabled: true
+
+Lint/TripleQuotes:
+  Enabled: true
+
+Lint/UnexpectedBlockArity:
+  Enabled: true
+
+Lint/UnmodifiedReduceAccumulator:
+  Enabled: true
+
+Lint/UselessRuby2Keywords:
+  Enabled: true
+
+Security/CompoundHash:
+  Enabled: true
+
+Security/IoMethods:
+  Enabled: true
+
+Style/ArgumentsForwarding:
+  Enabled: true
+
+Style/CollectionCompact:
+  Enabled: true
+
+Style/DocumentDynamicEvalDefinition:
+  Enabled: true
+
+Style/EmptyHeredoc:
+  Enabled: true
+
+Style/EndlessMethod:
+  Enabled: true
+
+Style/EnvHome:
+  Enabled: true
+
+Style/FetchEnvVar:
+  Enabled: true
+
+Style/FileRead:
+  Enabled: true
+
+Style/FileWrite:
+  Enabled: true
+
+# TODO - remove this when this has been released on rubocop
+Style/GuardClause:
+  Enabled: false
+
+Style/HashConversion:
+  Enabled: true
+
+Style/HashExcept:
+  Enabled: true
+
+Style/IfWithBooleanLiteralBranches:
+  Enabled: true
+
+Style/InPatternThen:
+  Enabled: true
+
+Style/MagicCommentFormat:
+  Enabled: true
+
+Style/MapCompactWithConditionalBlock:
+  Enabled: true
+
+Style/MapToHash:
+  Enabled: true
+
+Style/MultilineInPatternThen:
+  Enabled: true
+
+Style/NegatedIfElseCondition:
+  Enabled: true
+
+Style/NestedFileDirname:
+  Enabled: true
+
+Style/NilLambda:
+  Enabled: true
+
+Style/NumberedParameters:
+  Enabled: true
+
+Style/NumberedParametersLimit:
+  Enabled: true
+
+Style/NumericLiterals:
+  Enabled: false
+
+Style/ObjectThen:
+  Enabled: true
+
+Style/OpenStructUse:
+  Enabled: true
+
+Style/OperatorMethodCall:
+  Enabled: true
+
+Style/QuotedSymbols:
+  Enabled: true
+
+Style/RedundantArgument:
+  Enabled: true
+
+Style/RedundantEach:
+  Enabled: true
+
+Style/RedundantInitialize:
+  Enabled: true
+
+Style/RedundantSelfAssignmentBranch:
+  Enabled: true
+
+Style/RedundantStringEscape:
+  Enabled: true
+
+Style/SelectByRegexp:
+  Enabled: true
+
+Style/StringChars:
+  Enabled: true
+
+Style/SwapValues:
+  Enabled: true
+
+RSpec/BeEq:
+  Enabled: true
+
+RSpec/BeNil:
+  Enabled: true
+
+RSpec/ChangeByZero:
+  Enabled: true
+
+RSpec/ClassCheck:
+  Enabled: true
+
+RSpec/ExcessiveDocstringSpacing:
+  Enabled: true
+
+RSpec/IdenticalEqualityAssertion:
+  Enabled: true
+
+RSpec/SortMetadata:
+  Enabled: true
+
+RSpec/SubjectDeclaration:
+  Enabled: true
+
+RSpec/StubbedMock:
+  Enabled: false
+
+RSpec/VerifiedDoubleReference:
+  Enabled: true
+
+Capybara/NegationMatcher:
+  Enabled: true
+
+Capybara/SpecificActions:
+  Enabled: true
+
+Capybara/SpecificFinders:
+  Enabled: true
+
+Capybara/SpecificMatcher:
+  Enabled: true
+
+FactoryBot/ConsistentParenthesesStyle:
+  Enabled: true
+
+FactoryBot/SyntaxMethods:
+  Enabled: true
+
+RSpecRails/AvoidSetupHook:
+  Enabled: true
+
+RSpecRails/HaveHttpStatus:
+  Enabled: true
+
+RSpecRails/InferredSpecType:
+  Enabled: true
+
+###############################################################################
+##                           Customizations                                  ##
+###############################################################################
+
+# Try to keep a balance between the fact that some people are
+# working from laptops and the fact that unnecessarily short
+# lines make code hard to read.
+Layout/LineLength:
+  Enabled: true
+  Max: 120
+
+# TODO: We have enough places where this isn't used that it would
+#       be hard to switch, but maybe we should enable in the future?
+RSpec/NamedSubject:
+  Enabled: false
+
+# Sometimes our tests are only confirming that
+# an exception isn't raised.
+RSpec/NoExpectationExample:
+  Enabled: false
+
+# These sometimes make tests look nicer.
+RSpec/NestedGroups:
+  Enabled: false
+
+RSpec/RepeatedExampleGroupBody:
+  Enabled: false
+
+RSpec/MultipleMemoizedHelpers:
+  Max: 20
+
+RSpec/SubjectStub:
+  Enabled: false
+
+RSpec/MessageSpies:
+  Enabled: false
+
+RSpec/ExpectInHook:
+  Enabled: false
+
+RSpec/MultipleExpectations:
+  Enabled: false
+
+RSpec/ExampleLength:
+  Enabled: false
+
+# These aren't effective enough at calculating the right
+# kinds of complexity.
+Metrics/CyclomaticComplexity:
+  Enabled: false
+
+Metrics/AbcSize:
+  Enabled: false
+
+Metrics/PerceivedComplexity:
+  Enabled: false
+
+# Favor explicit over implicit.
+Metrics/ParameterLists:
+  Max: 20
+
+Style/HashSyntax:
+  Enabled: false
+
+Naming/BlockForwarding:
+  Enabled: true
+  EnforcedStyle: explicit
+
+# This probably isn't right to disable, but at the same time, there
+# are places where we're using (valid) boilerplate code that adds up.
+Metrics/MethodLength:
+  Enabled: false
+
+# This probably isn't best to change either, but some modules and corresponding
+# helpers will have a fair number of lines and this seems arbitrarily limiting
+Metrics/ModuleLength:
+  Enabled: false
+
+# We may want to re-enable this in the future with a reasonable value,
+# but right now this is overly prescriptive, especially in scenarios
+# where we have a lot of boilerplate code.
+Metrics/ClassLength:
+  Enabled: false
+
+# This is fine being a judgement call.
+Metrics/BlockLength:
+  Enabled: false
+
+# This is overly prescriptive with minimal gain.
+RSpec/ContextWording:
+  Enabled: false
+
+# This is allowing something implicit, which isn't ideal,
+# but it's also something we heavily leverage.
+RSpec/LetSetup:
+  Enabled: false
+
+# This doesn't feel great to add, but unfortunately it's making
+# incorrect assumptions about some of our function names
+# which causes a lot of false positives.
+RSpec/PredicateMatcher:
+  Enabled: false
+
+# There are valid reasons to do this.
+RSpec/InstanceVariable:
+  Enabled: false

data/.rubocop.yml

@@ -0,0 +1,16 @@
+inherit_from:
+  - https://raw.githubusercontent.com/aptible/dryer-lint/main/.rubocop.base.yml
+  - .rubocop_ignore.yml
+
+Style/GuardClause:
+  Enabled: false
+
+AllCops:
+  TargetRubyVersion: 3.1
+  NewCops: disable
+  Include:
+    - !ruby/regexp /\.rb$/
+    - !ruby/regexp /Gemfile$/
+    - !ruby/regexp /\.gemspec$/
+    - !ruby/regexp /\.rake$/
+    - !ruby/regexp /Rakefile$/

data/.rubocop_ignore.yml

@@ -0,0 +1,11 @@
+Naming/FileName:
+  Exclude:
+    - 'lib/sidekiq-field-encryptor.rb'
+
+RSpec/MultipleDescribes:
+  Exclude:
+    - 'spec/sidekiq-field-encryptor/encryptor_spec.rb'
+
+Gemspec/RequiredRubyVersion:
+  Exclude:
+    - 'sidekiq-field-encryptor.gemspec'

data/Gemfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 # Specify your gem's dependencies in sidekiq-field-encryptor.gemspec

data/Makefile

@@ -0,0 +1,7 @@
+lint:
+	bundle exec rubocop
+
+test:
+	bundle exec rspec
+
+all: lint test

data/README.md

@@ -1,7 +1,6 @@
 # ![](https://raw.github.com/aptible/straptible/master/lib/straptible/rails/templates/public.api/icon-60px.png) Sidekiq::Field::Encryptor
 
 [![Gem Version](https://badge.fury.io/rb/sidekiq-field-encryptor.png)](https://rubygems.org/gems/sidekiq-field-encryptor)
-[![Build Status](https://travis-ci.org/aptible/sidekiq-field-encryptor.png?branch=master)](https://travis-ci.org/aptible/sidekiq-field-encryptor)
 [![Dependency Status](https://gemnasium.com/aptible/sidekiq-field-encryptor.png)](https://gemnasium.com/aptible/sidekiq-field-encryptor)
 
 This is a utility which is intended to be used for encrypting sensitive data in Sidekiq jobs. The data is encrypted before sending it to Redis, and decrypted right before the Sidekiq job is executed.
@@ -39,11 +38,11 @@ decrypt the values inside the client before the job is executed.
 
 1. Fork the project.
 1. Commit your changes, with specs.
-1. Ensure that your code passes specs (`rake spec`) and meets Aptible's Ruby style guide (`rake rubocop`).
+1. Ensure that your code passes specs (`bundle exec rspec`) and meets Aptible's Ruby style guide (`bundle exec rubocop`).
 1. Create a new pull request on GitHub.
 
 ## Copyright and License
 
 MIT License, see [LICENSE](LICENSE.md) for details.
 
-Copyright (c) 2015 [Aptible](https://www.aptible.com), Blake Pettersson, and contributors.
+Copyright (c) 2024 [Aptible](https://www.aptible.com), Blake Pettersson, and contributors.

data/Rakefile

@@ -1,4 +1,3 @@
-require 'bundler/gem_tasks'
+# frozen_string_literal: true
 
-require 'aptible/tasks'
-Aptible::Tasks.load_tasks
+require 'bundler/gem_tasks'

data/SECURITY.md

@@ -0,0 +1,23 @@
+# Aptible Open Source Security Policies and Procedures
+
+This document outlines security procedures and general policies for the Aptible open source projects as found on https://github.com/aptible.
+
+  * [Reporting a Vulnerability](#reporting-a-vulnerability)
+  * [Responsible Disclosure Policy](#responsible-disclosure-policy)
+
+## Reporting a Vulnerability 
+
+The Aptible team and community take all security vulnerabilities
+seriously. Thank you for improving the security of our open source software. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
+
+Report security vulnerabilities by emailing the Aptible security team at:
+    
+    security@aptible.com
+
+Security researchers can also privately report security vulnerabilities to repository maintainers using the GitHub "Report a Vulnerability" feature. [See how-to here](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability).
+
+The Aptible team will acknowledge your email within 24 business hours and send a detailed response within 48 business hours indicating the next steps in handling your report. The Aptible security team will keep you informed of the progress and may ask for additional information or guidance.
+
+## Responsible Disclosure Policy
+
+Please see Aptible's Responsible Disclosure Policy here: https://www.aptible.com/legal/responsible-disclosure/

data/lib/sidekiq-field-encryptor/encryptor.rb

@@ -1,6 +1,9 @@
+# frozen_string_literal: true
+
 require 'base64'
 require 'encryptor'
 require 'json'
+require 'sidekiq'
 require 'sidekiq-field-encryptor/version'
 
 # This middleware configures encryption of any fields that can contain sensitive
@@ -22,9 +25,10 @@ require 'sidekiq-field-encryptor/version'
 # Will encrypt the values {'x' => 1} and 'b' when storing the job in Redis and
 # decrypt the values inside the client before the job is executed.
 module SidekiqFieldEncryptor
-  SERIALIZE_JSON = 'json'.freeze
-  SERIALIZE_MARHSALL = 'marshal'.freeze
+  SERIALIZE_JSON = 'json'
+  SERIALIZE_MARHSALL = 'marshal'
 
+  # Shared methods between client and base
   class Base
     def initialize(options = {})
       @encryption_key = options[:encryption_key]
@@ -60,7 +64,7 @@ module SidekiqFieldEncryptor
         JSON.parse(value, quirks_mode: true)
       when SERIALIZE_MARHSALL, nil
         # No method used to be Marshall, so we respect this here
-        Marshal.load(value)
+        Marshal.load(value) # rubocop:disable Security/MarshalLoad
       else
         raise "Invalid serialization_method: #{@serialization_method}"
       end
@@ -68,7 +72,7 @@ module SidekiqFieldEncryptor
 
     def encrypt(value)
       plaintext = serialize(value)
-      iv = OpenSSL::Cipher::Cipher.new(@encryption_algorithm).random_iv
+      iv = OpenSSL::Cipher.new(@encryption_algorithm).random_iv
       args = { key: @encryption_key, iv: iv, algorithm: @encryption_algorithm }
       ciphertext = ::Encryptor.encrypt(plaintext, **args)
       [
@@ -85,36 +89,44 @@ module SidekiqFieldEncryptor
       args = { key: @encryption_key, iv: iv, algorithm: @encryption_algorithm }
       plaintext = ::Encryptor.decrypt(ciphertext, **args)
       deserialize(serialization_method, plaintext)
+    rescue OpenSSL::Cipher::CipherError
+      raise 'Could not decrypt - is the encryption key correct?'
     end
 
     def process_message(message)
       fields = @encrypted_fields[message['class']]
       return unless fields
+
       assert_key_configured
       message['args'].size.times.each do |arg_index|
         to_encrypt = fields[arg_index]
         next unless to_encrypt
+
         raw_value = message['args'][arg_index]
         if to_encrypt == true
           message['args'][arg_index] = yield(raw_value)
         elsif to_encrypt.is_a?(Array) && raw_value.is_a?(Hash)
-          message['args'][arg_index] = Hash[raw_value.map do |key, value|
+          message['args'][arg_index] = raw_value.to_h do |key, value|
             value = yield(value) if to_encrypt.member?(key.to_s)
             [key, value]
-          end]
+          end
         end
       end
     end
   end
 
+  # Used when encrypting fields
   class Client < Base
+    include Sidekiq::ClientMiddleware
     def call(_, message, _, _)
       process_message(message) { |value| encrypt(value) }
       yield
     end
   end
 
+  # Used when decrypting fields
   class Server < Base
+    include Sidekiq::ServerMiddleware
     def call(_, message, _)
       process_message(message) { |value| decrypt(value) }
       yield

data/lib/sidekiq-field-encryptor/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module SidekiqFieldEncryptor
-  VERSION = '0.2.0'.freeze
+  VERSION = '0.4.0'
 end

data/lib/sidekiq-field-encryptor.rb

@@ -1,2 +1,4 @@
+# frozen_string_literal: true
+
 require 'sidekiq-field-encryptor/version'
 require 'sidekiq-field-encryptor/encryptor'

data/sidekiq-field-encryptor.gemspec

@@ -1,5 +1,6 @@
-# encoding: utf-8
-lib = File.expand_path('../lib', __FILE__)
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 require 'English'
@@ -16,13 +17,15 @@ Gem::Specification.new do |spec|
   spec.license       = 'MIT'
 
   spec.files         = `git ls-files`.split($RS)
-  spec.test_files    = spec.files.grep(%r{^spec/})
   spec.require_paths = ['lib']
 
   spec.add_dependency 'encryptor'
+  spec.add_dependency 'sidekiq'
 
   spec.add_development_dependency 'bundler'
-  spec.add_development_dependency 'aptible-tasks'
   spec.add_development_dependency 'rake'
-  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'rspec', '~> 3.12'
+  spec.add_development_dependency 'rubocop', '< 1.78'
+  spec.add_development_dependency 'rubocop-rspec', '~> 2.16.0'
+  spec.metadata['rubygems_mfa_required'] = 'true'
 end

data/spec/sidekiq-field-encryptor/encryptor_spec.rb

@@ -1,7 +1,9 @@
+# frozen_string_literal: true
+
 require 'spec_helper'
 
 describe SidekiqFieldEncryptor::Client do
-  let(:key) { OpenSSL::Cipher::Cipher.new('aes-256-cbc').random_key }
+  let(:key) { OpenSSL::Cipher.new('aes-256-cbc').random_key }
   let(:message) do
     { 'class' => 'FooJob', 'args' => [1, 2, { 'a' => 'A', 'b' => 'B' }] }
   end
@@ -10,8 +12,9 @@ describe SidekiqFieldEncryptor::Client do
     it "doesn't fail when encryption isn't attempted" do
       subject.call('FooJob', message, nil, nil) {}
     end
+
     it 'fails when encryption is attempted' do
-      client = SidekiqFieldEncryptor::Client.new(
+      client = described_class.new(
         encrypted_fields: { 'FooJob' => { 1 => true } }
       )
       expect { client.call('FooJob', message, nil, nil) {} }
@@ -21,9 +24,9 @@ describe SidekiqFieldEncryptor::Client do
 
   describe 'with an encryption key' do
     subject do
-      SidekiqFieldEncryptor::Client.new(
+      described_class.new(
         encryption_key: key,
-        encrypted_fields: { 'FooJob' => { 1 => true, 2 => %w(b d) } }
+        encrypted_fields: { 'FooJob' => { 1 => true, 2 => %w[b d] } }
       )
     end
 
@@ -37,16 +40,16 @@ describe SidekiqFieldEncryptor::Client do
   end
 
   it 'supports setting the encryption algorithm' do
-    key = OpenSSL::Cipher::Cipher.new('aes-128-cbc').random_key
-    fields = { 'FooJob' => { 1 => true, 2 => %w(b d) } }
+    key = OpenSSL::Cipher.new('aes-128-cbc').random_key
+    fields = { 'FooJob' => { 1 => true, 2 => %w[b d] } }
 
-    ko = SidekiqFieldEncryptor::Client.new(
+    ko = described_class.new(
       encryption_key: key,
       encryption_algorithm: 'aes-256-cbc',
       encrypted_fields: fields
     )
 
-    ok = SidekiqFieldEncryptor::Client.new(
+    ok = described_class.new(
       encryption_key: key,
       encryption_algorithm: 'aes-128-cbc',
       encrypted_fields: fields
@@ -60,7 +63,7 @@ describe SidekiqFieldEncryptor::Client do
 end
 
 describe SidekiqFieldEncryptor::Server do
-  let(:key) { OpenSSL::Cipher::Cipher.new('aes-256-cbc').random_key }
+  let(:key) { OpenSSL::Cipher.new('aes-256-cbc').random_key }
   let(:message) do
     { 'class' => 'FooJob', 'args' => [1, 2, { 'a' => 'A', 'b' => 'B' }] }
   end
@@ -69,8 +72,9 @@ describe SidekiqFieldEncryptor::Server do
     it "doesn't fail when decryption isn't attempted" do
       subject.call('FooJob', message, nil) {}
     end
+
     it 'fails when decryption is attempted' do
-      server = SidekiqFieldEncryptor::Server.new(
+      server = described_class.new(
         encrypted_fields: { 'FooJob' => { 1 => true } }
       )
       expect { server.call('FooJob', message, nil) {} }
@@ -80,9 +84,9 @@ describe SidekiqFieldEncryptor::Server do
 
   describe 'with an encryption key' do
     subject do
-      SidekiqFieldEncryptor::Server.new(
+      described_class.new(
         encryption_key: key,
-        encrypted_fields: { 'FooJob' => { 1 => true, 2 => %w(b d) } }
+        encrypted_fields: { 'FooJob' => { 1 => true, 2 => %w[b d] } }
       )
     end
 
@@ -95,16 +99,16 @@ describe SidekiqFieldEncryptor::Server do
     end
 
     it 'supports setting the encryption algorithm' do
-      key = OpenSSL::Cipher::Cipher.new('aes-128-cbc').random_key
+      key = OpenSSL::Cipher.new('aes-128-cbc').random_key
       fields = { 'FooJob' => { 1 => true } }
 
-      ko = SidekiqFieldEncryptor::Server.new(
+      ko = described_class.new(
         encryption_key: key,
         encryption_algorithm: 'aes-256-cbc',
         encrypted_fields: fields
       )
 
-      ok = SidekiqFieldEncryptor::Server.new(
+      ok = described_class.new(
         encryption_key: key,
         encryption_algorithm: 'aes-128-cbc',
         encrypted_fields: fields
@@ -119,7 +123,7 @@ describe SidekiqFieldEncryptor::Server do
     end
 
     it 'fails if the serialization methods are different' do
-      r = SidekiqFieldEncryptor::Server.new(
+      r = described_class.new(
         encryption_key: key,
         encrypted_fields: { 'FooJob' => { 1 => true } },
         serialization_method: SidekiqFieldEncryptor::SERIALIZE_JSON
@@ -137,7 +141,7 @@ describe SidekiqFieldEncryptor::Server do
     end
 
     it 'allows compat serialization' do
-      r = SidekiqFieldEncryptor::Server.new(
+      r = described_class.new(
         encryption_key: key,
         encrypted_fields: { 'FooJob' => { 1 => true } },
         serialization_method: SidekiqFieldEncryptor::SERIALIZE_JSON,

data/spec/spec_helper.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 $LOAD_PATH.unshift(File.dirname(__FILE__))
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sidekiq-field-encryptor
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Blake Pettersson
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-07-31 00:00:00.000000000 Z
+date: 2025-11-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: encryptor
@@ -25,13 +25,13 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: sidekiq
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  type: :development
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
@@ -39,7 +39,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: aptible-tasks
+  name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -70,16 +70,44 @@ dependencies:
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.12'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.78'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.78'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.16.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.16.0
 description: Selectively encrypt fields in Sidekiq
 email:
 - blake@aptible.com
@@ -87,13 +115,19 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/CODEOWNERS"
+- ".github/workflows/test.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
+- ".rubocop-https---raw-githubusercontent-com-aptible-dryer-lint-main--rubocop-base-yml"
+- ".rubocop.yml"
+- ".rubocop_ignore.yml"
 - Gemfile
 - LICENSE.md
+- Makefile
 - README.md
 - Rakefile
+- SECURITY.md
 - lib/sidekiq-field-encryptor.rb
 - lib/sidekiq-field-encryptor/encryptor.rb
 - lib/sidekiq-field-encryptor/version.rb
@@ -103,8 +137,9 @@ files:
 homepage: https://github.com/aptible/sidekiq-field-encryptor
 licenses:
 - MIT
-metadata: {}
-post_install_message: 
+metadata:
+  rubygems_mfa_required: 'true'
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -119,11 +154,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
-signing_key: 
+rubygems_version: 3.4.10
+signing_key:
 specification_version: 4
 summary: Selectively encrypt fields sent into Sidekiq
-test_files:
-- spec/sidekiq-field-encryptor/encryptor_spec.rb
-- spec/spec_helper.rb
+test_files: []

data/.travis.yml

@@ -1,3 +0,0 @@
-rvm:
-  - "2.1"
-  - 2.0.0