sidekiq-field-encryptor 0.1.0
- checksums.yaml +7 -0
- data/.gitignore +18 -0
- data/.rspec +2 -0
- data/.travis.yml +4 -0
- data/Gemfile +4 -0
- data/LICENSE.md +22 -0
- data/README.md +32 -0
- data/Rakefile +4 -0
- data/lib/sidekiq-field-encryptor.rb +2 -0
- data/lib/sidekiq-field-encryptor/encryptor.rb +64 -0
- data/lib/sidekiq-field-encryptor/version.rb +3 -0
- data/sidekiq-field-encryptor.gemspec +28 -0
- data/spec/sidekiq-field-encryptor/encryptor_spec.rb +75 -0
- data/spec/spec_helper.rb +10 -0
- metadata +129 -0
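--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 204c8e1c027462e1fd8b44117a1e2a7953f3f793
+data.tar.gz: 5d0f753a7031408d647d9508def52146c4d8609a
+SHA512:
+metadata.gz: 86b140ff56fc6cb4d3baf1901fb42b8f34a2bc2f0955280b497b3956c83d6505ae00df0da5057aa8d75ff7dc32952cb8b09baa24317320e03744252d80f2762f
+data.tar.gz: 9904d3395415ad5c0697e86c238273a17d85dda7717f7de28e53878edf59038960b7dfba9b9c7b954b3c6dffac054f7406c0887f39bcec344927bb79da3ce563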
data/.gitignore
ADDED
data/.rspec
ADDED
data/.travis.yml
ADDED
data/Gemfile
ADDED
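--- a/data/LICENSE.md
+++ b/data/LICENSE.md
@@ -0,0 +1,22 @@
+Copyright (c) 2015 Aptible, Inc.
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.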
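--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,32 @@
+# ![](https://raw.github.com/aptible/straptible/master/lib/straptible/rails/templates/public.api/icon-60px.png) Sidekiq::Field::Encryptor
+
+[![Gem Version](https://badge.fury.io/rb/sidekiq-field-encryptor.png)](https://rubygems.org/gems/sidekiq-field-encryptor)
+[![Build Status](https://travis-ci.org/aptible/sidekiq-field-encryptor.png?branch=master)](https://travis-ci.org/aptible/sidekiq-field-encryptor)
+[![Dependency Status](https://gemnasium.com/aptible/sidekiq-field-encryptor.png)](https://gemnasium.com/aptible/sidekiq-field-encryptor)
+
+TODO: Add description.
+
+## Installation
+
+Add the following line to your application's Gemfile.
+
+gem 'sidekiq-field-encryptor'
+
+And then run `bundle install`.
+
+## Usage
+
+TODO: Add usage notes.
+
+## Contributing
+
+1. Fork the project.
+1. Commit your changes, with specs.
+1. Ensure that your code passes specs (`rake spec`) and meets Aptible's Ruby style guide (`rake rubocop`).
+1. Create a new pull request on GitHub.
+
+## Copyright and License
+
+MIT License, see [LICENSE](LICENSE.md) for details.
+
+Copyright (c) 2015 [Aptible](https://www.aptible.com), Blake Pettersson, and contributors.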
data/Rakefile
ADDED
@@ -0,0 +1,64 @@
|
|
1
|
+
require 'base64'
|
2
|
+
require 'encryptor'
|
3
|
+
require 'sidekiq-field-encryptor/version'
|
4
|
+
|
5
|
+
module SidekiqFieldEncryptor
|
6
|
+
class Base
|
7
|
+
def initialize(options = {})
|
8
|
+
@encryption_key = options[:encryption_key]
|
9
|
+
@encrypted_fields = options[:encrypted_fields] || {}
|
10
|
+
end
|
11
|
+
|
12
|
+
def assert_key_configured
|
13
|
+
fail 'Encryption key not configured' if @encryption_key.nil?
|
14
|
+
end
|
15
|
+
|
16
|
+
def encrypt(value)
|
17
|
+
plaintext = Marshal.dump(value)
|
18
|
+
iv = OpenSSL::Cipher::Cipher.new('aes-256-cbc').random_iv
|
19
|
+
args = { key: @encryption_key, iv: iv }
|
20
|
+
ciphertext = ::Encryptor.encrypt(plaintext, **args)
|
21
|
+
[::Base64.encode64(ciphertext), ::Base64.encode64(iv)]
|
22
|
+
end
|
23
|
+
|
24
|
+
def decrypt(encrypted)
|
25
|
+
ciphertext, iv = encrypted.map { |value| ::Base64.decode64(value) }
|
26
|
+
args = { key: @encryption_key, iv: iv }
|
27
|
+
plaintext = ::Encryptor.decrypt(ciphertext, **args)
|
28
|
+
Marshal.load(plaintext)
|
29
|
+
end
|
30
|
+
|
31
|
+
def process_message(message)
|
32
|
+
fields = @encrypted_fields[message['class']]
|
33
|
+
return unless fields
|
34
|
+
assert_key_configured
|
35
|
+
message['args'].size.times.each do |arg_index|
|
36
|
+
to_encrypt = fields[arg_index]
|
37
|
+
next unless to_encrypt
|
38
|
+
raw_value = message['args'][arg_index]
|
39
|
+
if to_encrypt == true
|
40
|
+
message['args'][arg_index] = yield(raw_value)
|
41
|
+
elsif to_encrypt.is_a?(Array) && raw_value.is_a?(Hash)
|
42
|
+
message['args'][arg_index] = Hash[raw_value.map do |key, value|
|
43
|
+
value = yield(value) if to_encrypt.member?(key.to_s)
|
44
|
+
[key, value]
|
45
|
+
end]
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
class Client < Base
|
52
|
+
def call(_, message, _, _)
|
53
|
+
process_message(message) { |value| encrypt(value) }
|
54
|
+
yield
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
58
|
+
class Server < Base
|
59
|
+
def call(_, message, _)
|
60
|
+
process_message(message) { |value| decrypt(value) }
|
61
|
+
yield
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
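Review bot: `decrypt` passes the output of unauthenticated AES-256-CBC straight to `Marshal.load`, so anything able to alter the stored `[ciphertext, iv]` pair between `Client#call` and `Server#call` (presumably while the job sits in Sidekiq's Redis queue) controls the bytes that get unmarshalled; CBC gives no integrity guarantee, and Marshal is not safe on data whose integrity has not been verified. I would switch to an authenticated mode, verify the tag before parsing, and serialise with JSON rather than Marshal, since Sidekiq arguments are JSON-compatible already. The sketch below changes the stored shape to a three-element array, so jobs enqueued in the old format would need a migration path, and it assumes `json` and `openssl` are required at the top of the file. Separately, `OpenSSL::Cipher::Cipher` is a deprecated alias of `OpenSSL::Cipher`, and `assert_key_configured` only rejects a nil key, not one of the wrong length.

```ruby
def encrypt(value)
  # Wrap in an array so bare scalars round-trip on older JSON versions.
  plaintext = ::JSON.generate([value])
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = @encryption_key
  iv = cipher.random_iv
  ciphertext = cipher.update(plaintext) + cipher.final
  [ciphertext, iv, cipher.auth_tag].map { |part| ::Base64.strict_encode64(part) }
end

def decrypt(encrypted)
  ciphertext, iv, tag = encrypted.map { |part| ::Base64.strict_decode64(part) }
  # OpenSSL accepts truncated GCM tags, so insist on the full 16 bytes.
  fail 'Invalid authentication tag' unless tag && tag.bytesize == 16
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = @encryption_key
  cipher.iv = iv
  cipher.auth_tag = tag
  # cipher.final raises OpenSSL::Cipher::CipherError when the tag does not match.
  ::JSON.parse(cipher.update(ciphertext) + cipher.final).first
end

# … unchanged: process_message, Client#call, Server#call …
```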
@@ -0,0 +1,28 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
|
5
|
+
require 'English'
|
6
|
+
require 'sidekiq-field-encryptor/version'
|
7
|
+
|
8
|
+
Gem::Specification.new do |spec|
|
9
|
+
spec.name = 'sidekiq-field-encryptor'
|
10
|
+
spec.version = SidekiqFieldEncryptor::VERSION
|
11
|
+
spec.authors = ['Blake Pettersson']
|
12
|
+
spec.email = ['blake@aptible.com']
|
13
|
+
spec.description = 'Selectively encrypt fields in Sidekiq'
|
14
|
+
spec.summary = 'Selectively encrypt fields sent into Sidekiq'
|
15
|
+
spec.homepage = 'https://github.com/aptible/sidekiq-field-encryptor'
|
16
|
+
spec.license = 'MIT'
|
17
|
+
|
18
|
+
spec.files = `git ls-files`.split($RS)
|
19
|
+
spec.test_files = spec.files.grep(%r{^spec/})
|
20
|
+
spec.require_paths = ['lib']
|
21
|
+
|
22
|
+
spec.add_dependency 'encryptor'
|
23
|
+
|
24
|
+
spec.add_development_dependency 'bundler'
|
25
|
+
spec.add_development_dependency 'aptible-tasks'
|
26
|
+
spec.add_development_dependency 'rake'
|
27
|
+
spec.add_development_dependency 'rspec'
|
28
|
+
end
|
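Review bot: `spec.add_dependency 'encryptor'` carries no version constraint, so the library that performs all of this gem's cryptography resolves to whatever release is newest at install time (the packaged metadata on this page records it as `>= 0`). A major release of that dependency that changes its default algorithm or its key and IV requirements would change what `::Encryptor.encrypt` does here without any change to this gem. I would pin to the series the specs were run against, e.g. `spec.add_dependency 'encryptor', '~> <TESTED_VERSION>'` (placeholder; the page does not show which version was tested).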
@@ -0,0 +1,75 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe SidekiqFieldEncryptor::Client do
|
4
|
+
let(:key) { OpenSSL::Cipher::Cipher.new('aes-256-cbc').random_key }
|
5
|
+
let(:message) do
|
6
|
+
{ 'class' => 'FooJob', 'args' => [1, 2, { 'a' => 'A', 'b' => 'B' }] }
|
7
|
+
end
|
8
|
+
|
9
|
+
describe 'with no encryption key' do
|
10
|
+
it "doesn't fail when encryption isn't attempted" do
|
11
|
+
subject.call('FooJob', message, nil, nil) {}
|
12
|
+
end
|
13
|
+
it 'fails when encryption is attempted' do
|
14
|
+
client = SidekiqFieldEncryptor::Client.new(
|
15
|
+
encrypted_fields: { 'FooJob' => { 1 => true } })
|
16
|
+
expect { client.call('FooJob', message, nil, nil) {} }
|
17
|
+
.to raise_error('Encryption key not configured')
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
describe 'with an encryption key' do
|
22
|
+
subject do
|
23
|
+
SidekiqFieldEncryptor::Client.new(
|
24
|
+
encryption_key: key,
|
25
|
+
encrypted_fields: {
|
26
|
+
'FooJob' => { 1 => true, 2 => %w(b d) }
|
27
|
+
})
|
28
|
+
end
|
29
|
+
|
30
|
+
it 'encrypts only fields specified by the encryption config' do
|
31
|
+
subject.call('FooJob', message, nil, nil) {}
|
32
|
+
expect(message['args'][0]).to eq(1)
|
33
|
+
expect(subject.decrypt(message['args'][1])).to eq(2)
|
34
|
+
expect(message['args'][2]['a']).to eq('A')
|
35
|
+
expect(subject.decrypt(message['args'][2]['b'])).to eq('B')
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
describe SidekiqFieldEncryptor::Server do
|
41
|
+
let(:key) { OpenSSL::Cipher::Cipher.new('aes-256-cbc').random_key }
|
42
|
+
let(:message) do
|
43
|
+
{ 'class' => 'FooJob', 'args' => [1, 2, { 'a' => 'A', 'b' => 'B' }] }
|
44
|
+
end
|
45
|
+
|
46
|
+
describe 'with no encryption key' do
|
47
|
+
it "doesn't fail when decryption isn't attempted" do
|
48
|
+
subject.call('FooJob', message, nil) {}
|
49
|
+
end
|
50
|
+
it 'fails when decryption is attempted' do
|
51
|
+
server = SidekiqFieldEncryptor::Server.new(
|
52
|
+
encrypted_fields: { 'FooJob' => { 1 => true } })
|
53
|
+
expect { server.call('FooJob', message, nil) {} }
|
54
|
+
.to raise_error('Encryption key not configured')
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
58
|
+
describe 'with an encryption key' do
|
59
|
+
subject do
|
60
|
+
SidekiqFieldEncryptor::Server.new(
|
61
|
+
encryption_key: key,
|
62
|
+
encrypted_fields: {
|
63
|
+
'FooJob' => { 1 => true, 2 => %w(b d) }
|
64
|
+
})
|
65
|
+
end
|
66
|
+
|
67
|
+
it 'decrypts all fields specified by the encryption config' do
|
68
|
+
original_message = message.dup
|
69
|
+
message['args'][1] = subject.encrypt(message['args'][1])
|
70
|
+
message['args'][2]['b'] = subject.encrypt(message['args'][2]['b'])
|
71
|
+
subject.call('FooJob', message, nil) {}
|
72
|
+
expect(message).to eq(original_message)
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
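Review bot: In 'decrypts all fields specified by the encryption config', `original_message = message.dup` is a shallow copy, so `original_message['args']` and the hash nested inside it are the same objects that the next two lines and `Server#call` mutate. `expect(message).to eq(original_message)` therefore compares the structure with itself and passes even if decryption never happens. Take a deep copy before encrypting, e.g. `original_message = Marshal.load(Marshal.dump(message))`. A case that hands `Server#call` an altered ciphertext and expects an error would also pin down the failure behaviour, which none of the examples here cover.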
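--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,10 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+
+# Load shared spec files
+Dir["#{File.dirname(__FILE__)}/shared/**/*.rb"].each do |file|
+require file
+end
+
+# Require library up front
+require 'sidekiq-field-encryptor/encryptor'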
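--- a/metadata
+++ b/metadata
@@ -0,0 +1,129 @@
+--- !ruby/object:Gem::Specification
+name: sidekiq-field-encryptor
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- Blake Pettersson
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2015-09-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: encryptor
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: aptible-tasks
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+description: Selectively encrypt fields in Sidekiq
+email:
+- blake@aptible.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .travis.yml
+- Gemfile
+- LICENSE.md
+- README.md
+- Rakefile
+- lib/sidekiq-field-encryptor.rb
+- lib/sidekiq-field-encryptor/encryptor.rb
+- lib/sidekiq-field-encryptor/version.rb
+- sidekiq-field-encryptor.gemspec
+- spec/sidekiq-field-encryptor/encryptor_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/aptible/sidekiq-field-encryptor
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.5
+signing_key:
+specification_version: 4
+summary: Selectively encrypt fields sent into Sidekiq
+test_files:
+- spec/sidekiq-field-encryptor/encryptor_spec.rb
+- spec/spec_helper.rb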