symmetric-encryption 4.1.2 → 4.5.0

data/lib/symmetric_encryption/cli.rb

@@ -1,5 +1,5 @@
-require 'optparse'
-require 'fileutils'
+require "optparse"
+require "fileutils"
 module SymmetricEncryption
   class CLI
     attr_reader :key_path, :app_name, :encrypt, :config_file_path,
@@ -8,7 +8,7 @@ module SymmetricEncryption
                 :environments, :cipher_name, :rolling_deploy, :rotate_keys, :rotate_kek, :prompt, :show_version,
                 :cleanup_keys, :activate_key, :migrate, :regions
 
-    KEYSTORES = %i[heroku environment file].freeze
+    KEYSTORES = %i[aws heroku environment file gcp].freeze
 
     def self.run!(argv)
       new(argv).run!
@@ -16,11 +16,11 @@ module SymmetricEncryption
 
     def initialize(argv)
       @version          = current_version
-      @environment      = ENV['SYMMETRIC_ENCRYPTION_ENV'] || ENV['RACK_ENV'] || ENV['RAILS_ENV'] || 'development'
-      @config_file_path = File.expand_path(ENV['SYMMETRIC_ENCRYPTION_CONFIG'] || 'config/symmetric-encryption.yml')
-      @app_name         = 'symmetric-encryption'
-      @key_path         = '~/.symmetric-encryption'
-      @cipher_name      = 'aes-256-cbc'
+      @environment      = ENV["SYMMETRIC_ENCRYPTION_ENV"] || ENV["RACK_ENV"] || ENV["RAILS_ENV"] || "development"
+      @config_file_path = File.expand_path(ENV["SYMMETRIC_ENCRYPTION_CONFIG"] || "config/symmetric-encryption.yml")
+      @app_name         = "symmetric-encryption"
+      @key_path         = "#{ENV['HOME']}/.symmetric-encryption"
+      @cipher_name      = "aes-256-cbc"
       @rolling_deploy   = false
       @prompt           = false
       @show_version     = false
@@ -34,7 +34,7 @@ module SymmetricEncryption
     end
 
     def run!
-      raise(ArgumentError, 'Cannot cleanup keys and rotate keys at the same time') if cleanup_keys && rotate_keys
+      raise(ArgumentError, "Cannot cleanup keys and rotate keys at the same time") if cleanup_keys && rotate_keys
 
       if show_version
         puts "Symmetric Encryption v#{VERSION}"
@@ -70,11 +70,11 @@ module SymmetricEncryption
     end
 
     def parser
-      @parser     ||= OptionParser.new do |opts|
+      @parser ||= OptionParser.new do |opts|
         opts.banner = <<~BANNER
           Symmetric Encryption v#{VERSION}
 
-            For more information, see: https://rocketjob.github.io/symmetric-encryption/
+            For more information, see: https://encryption.rocketjob.io/
 
             Note:
               It is recommended to backup the current configuration file, or place it in version control before running
@@ -83,113 +83,129 @@ module SymmetricEncryption
           symmetric-encryption [options]
         BANNER
 
-        opts.on '-e', '--encrypt [FILE_NAME]', 'Encrypt a file, or read from stdin if no file name is supplied.' do |file_name|
+        opts.on "-e", "--encrypt [FILE_NAME]", "Encrypt a file, or read from stdin if no file name is supplied." do |file_name|
           @encrypt = file_name || STDIN
         end
 
-        opts.on '-d', '--decrypt [FILE_NAME]', 'Decrypt a file, or read from stdin if no file name is supplied.' do |file_name|
+        opts.on "-d", "--decrypt [FILE_NAME]", "Decrypt a file, or read from stdin if no file name is supplied." do |file_name|
           @decrypt = file_name || STDIN
         end
 
-        opts.on '-o', '--output FILE_NAME', 'Write encrypted or decrypted file to this file, otherwise output goes to stdout.' do |file_name|
+        opts.on "-o", "--output FILE_NAME",
+                "Write encrypted or decrypted file to this file, otherwise output goes to stdout." do |file_name|
           @output_file_name = file_name
         end
 
-        opts.on '-P', '--prompt', 'When encrypting or decrypting, prompt for a string encrypt or decrypt.' do
+        opts.on "-P", "--prompt", "When encrypting or decrypting, prompt for a string encrypt or decrypt." do
           @prompt = true
         end
 
-        opts.on '-z', '--compress', 'Compress encrypted output file. [Default for encrypting files]' do
+        opts.on "-z", "--compress", "Compress encrypted output file. [Default for encrypting files]" do
           @compress = true
         end
 
-        opts.on '-Z', '--no-compress', 'Does not compress the output file. [Default for encrypting strings]' do
+        opts.on "-Z", "--no-compress", "Does not compress the output file. [Default for encrypting strings]" do
           @compress = false
         end
 
-        opts.on '-E', '--env ENVIRONMENT', "Environment to use in the config file. Default: SYMMETRIC_ENCRYPTION_ENV || RACK_ENV || RAILS_ENV || 'development'" do |environment|
+        opts.on "-E", "--env ENVIRONMENT",
+                "Environment to use in the config file. Default: SYMMETRIC_ENCRYPTION_ENV || RACK_ENV || RAILS_ENV || 'development'" do |environment|
           @environment = environment
         end
 
-        opts.on '-c', '--config CONFIG_FILE_PATH', 'File name & path to the Symmetric Encryption configuration file. Default: config/symmetric-encryption.yml or Env var: `SYMMETRIC_ENCRYPTION_CONFIG`' do |path|
+        opts.on "-c", "--config CONFIG_FILE_PATH",
+                "File name & path to the Symmetric Encryption configuration file. Default: config/symmetric-encryption.yml or Env var: `SYMMETRIC_ENCRYPTION_CONFIG`" do |path|
           @config_file_path = path
         end
 
-        opts.on '-m', '--migrate', 'Migrate configuration file to new format.' do
+        opts.on "-m", "--migrate", "Migrate configuration file to new format." do
           @migrate = true
         end
 
-        opts.on '-r', '--re-encrypt [PATTERN]', 'ReEncrypt all files matching the pattern. Default:  "**/*.{yml,rb}"' do |pattern|
-          @re_encrypt = pattern || '**/*.{yml,rb}'
+        opts.on "-r", "--re-encrypt [PATTERN]",
+                'ReEncrypt all files matching the pattern. Default:  "**/*.{yml,rb}"' do |pattern|
+          @re_encrypt = pattern || "**/*.{yml,rb}"
         end
 
-        opts.on '-n', '--new-password [SIZE]', 'Generate a new random password using only characters that are URL-safe base64. Default size is 22.' do |size|
+        opts.on "-n", "--new-password [SIZE]",
+                "Generate a new random password using only characters that are URL-safe base64. Default size is 22." do |size|
           @random_password = (size || 22).to_i
         end
 
-        opts.on '-g', '--generate', 'Generate a new configuration file and encryption keys for every environment.' do |config|
+        opts.on "-g", "--generate", "Generate a new configuration file and encryption keys for every environment." do |config|
           @generate = config
         end
 
-        opts.on '-s', '--keystore heroku|environment|file|aws', 'Which keystore to use during generation or re-encryption.' do |keystore|
-          @keystore = (keystore || 'file').downcase.to_sym
+        opts.on "-s", "--keystore heroku|environment|file|aws|gcp",
+                "Which keystore to use during generation or re-encryption." do |keystore|
+          @keystore = (keystore || "file").downcase.to_sym
         end
 
-        opts.on '-B', '--regions [us-east-1,us-east-2,us-west-1,us-west-2]', 'AWS KMS Regions to encrypt data key with.' do |regions|
-          @regions = regions.to_s.split(',').collect(&:strip) if regions
+        opts.on "-B", "--regions [us-east-1,us-east-2,us-west-1,us-west-2]",
+                "AWS KMS Regions to encrypt data key with." do |regions|
+          @regions = regions.to_s.split(",").collect(&:strip) if regions
         end
 
-        opts.on '-K', '--key-path KEY_PATH', 'Output path in which to write generated key files. Default: ~/.symmetric-encryption' do |path|
+        opts.on "-K", "--key-path KEY_PATH",
+                "Output path in which to write generated key files. Default: ~/.symmetric-encryption" do |path|
           @key_path = path
         end
 
-        opts.on '-a', '--app-name NAME', 'Application name to use when generating a new configuration. Default: symmetric-encryption' do |name|
+        opts.on "-a", "--app-name NAME",
+                "Application name to use when generating a new configuration. Default: symmetric-encryption" do |name|
           @app_name = name
         end
 
-        opts.on '-S', '--environments ENVIRONMENTS', 'Comma separated list of environments for which to generate the config file. Default: development,test,release,production' do |environments|
-          @environments = environments.split(',').collect(&:strip).collect(&:to_sym)
+        opts.on "-S", "--environments ENVIRONMENTS",
+                "Comma separated list of environments for which to generate the config file. Default: development,test,release,production" do |environments|
+          @environments = environments.split(",").collect(&:strip).collect(&:to_sym)
         end
 
-        opts.on '-C', '--cipher-name NAME', 'Name of the cipher to use when generating a new config file, or when rotating keys. Default: aes-256-cbc' do |name|
+        opts.on "-C", "--cipher-name NAME",
+                "Name of the cipher to use when generating a new config file, or when rotating keys. Default: aes-256-cbc" do |name|
           @cipher_name = name
         end
 
-        opts.on '-R', '--rotate-keys', 'Generates a new encryption key version, encryption key files, and updates the configuration file.' do
+        opts.on "-R", "--rotate-keys",
+                "Generates a new encryption key version, encryption key files, and updates the configuration file." do
           @rotate_keys = true
         end
 
-        opts.on '-U', '--rotate-kek', 'Replace the existing key encrypting keys only, the data encryption key is not changed, and updates the configuration file.' do
+        opts.on "-U", "--rotate-kek",
+                "Replace the existing key encrypting keys only, the data encryption key is not changed, and updates the configuration file." do
           @rotate_kek = true
         end
 
-        opts.on '-D', '--rolling-deploy', 'During key rotation, support a rolling deploy by placing the new key second in the list so that it is not activated yet.' do
+        opts.on "-D", "--rolling-deploy",
+                "During key rotation, support a rolling deploy by placing the new key second in the list so that it is not activated yet." do
           @rolling_deploy = true
         end
 
-        opts.on '-A', '--activate-key', 'Activates the key by moving the key with the highest version to the top.' do
+        opts.on "-A", "--activate-key", "Activates the key by moving the key with the highest version to the top." do
           @activate_key = true
         end
 
-        opts.on '-X', '--cleanup-keys', 'Removes all encryption keys, except the one with the highest version from the configuration file.' do
+        opts.on "-X", "--cleanup-keys",
+                "Removes all encryption keys, except the one with the highest version from the configuration file." do
           @cleanup_keys = true
         end
 
-        opts.on '-V', '--key-version NUMBER', 'Encryption key version to use when encrypting or re-encrypting. Default: (Current global version).' do |number|
+        opts.on "-V", "--key-version NUMBER",
+                "Encryption key version to use when encrypting or re-encrypting. Default: (Current global version)." do |number|
           @version = number.to_i
         end
 
-        opts.on '-L', '--ciphers', 'List available OpenSSL ciphers.' do
+        opts.on "-L", "--ciphers", "List available OpenSSL ciphers." do
           puts "OpenSSL v#{OpenSSL::VERSION}. Available Ciphers:"
           puts OpenSSL::Cipher.ciphers.join("\n")
           exit
         end
 
-        opts.on '-v', '--version', 'Display Symmetric Encryption version.' do
+        opts.on "-v", "--version", "Display Symmetric Encryption version." do
           @show_version = true
         end
 
-        opts.on('-h', '--help', 'Prints this help.') do
+        opts.on("-h", "--help", "Prints this help.") do
           puts opts
           exit
         end
@@ -212,7 +228,7 @@ module SymmetricEncryption
 
       config_file_does_not_exist!
       self.environments ||= %i[development test release production]
-      args                = {
+      args = {
         app_name:     app_name,
         environments: environments,
         cipher_name:  cipher_name
@@ -237,7 +253,8 @@ module SymmetricEncryption
       end
 
       config = Config.read_file(config_file_path)
-      SymmetricEncryption::Keystore.rotate_keys!(config, environments: environments || [], app_name: app_name, rolling_deploy: rolling_deploy, keystore: keystore)
+      SymmetricEncryption::Keystore.rotate_keys!(config, environments: environments || [], app_name: app_name,
+rolling_deploy: rolling_deploy, keystore: keystore)
       Config.write_file(config_file_path, config)
       puts "Existing configuration file updated with new keys: #{config_file_path}"
     end
@@ -255,7 +272,7 @@ module SymmetricEncryption
         next if environments && !environments.include?(env.to_sym)
         next unless ciphers = cfg[:ciphers]
 
-        highest             = ciphers.max_by { |i| i[:version] }
+        highest = ciphers.max_by { |i| i[:version] }
         ciphers.clear
         ciphers << highest
       end
@@ -270,7 +287,7 @@ module SymmetricEncryption
         next if environments && !environments.include?(env.to_sym)
         next unless ciphers = cfg[:ciphers]
 
-        highest             = ciphers.max_by { |i| i[:version] }
+        highest = ciphers.max_by { |i| i[:version] }
         ciphers.delete(highest)
         ciphers.unshift(highest)
       end
@@ -280,7 +297,8 @@ module SymmetricEncryption
     end
 
     def encrypt_file(input_file_name)
-      SymmetricEncryption::Writer.encrypt(source: input_file_name, target: output_file_name || STDOUT, compress: compress, version: version)
+      SymmetricEncryption::Writer.encrypt(source: input_file_name, target: output_file_name || STDOUT, compress: compress,
+version: version)
     end
 
     def decrypt_file(input_file_name)
@@ -289,38 +307,38 @@ module SymmetricEncryption
 
     def decrypt_string
       begin
-        require 'highline'
+        require "highline"
       rescue LoadError
         puts("\nPlease install gem highline before using the command line task to decrypt an entered string.\n   gem install \"highline\"\n\n")
-        exit -2
+        exit(-2)
       end
 
-      encrypted = HighLine.new.ask('Enter the value to decrypt:')
+      encrypted = HighLine.new.ask("Enter the value to decrypt:")
       text      = SymmetricEncryption.cipher(version).decrypt(encrypted)
 
       puts("\n\nEncrypted: #{encrypted}")
-      output_file_name ? File.open(output_file_name, 'wb') { |f| f << text } : puts("Decrypted: #{text}\n\n")
+      output_file_name ? File.open(output_file_name, "wb") { |f| f << text } : puts("Decrypted: #{text}\n\n")
     end
 
     def encrypt_string
       begin
-        require 'highline'
+        require "highline"
       rescue LoadError
         puts("\nPlease install gem highline before using the command line task to encrypt an entered string.\n   gem install \"highline\"\n\n")
-        exit -2
+        exit(-2)
       end
       value1 = nil
       value2 = 0
 
       while value1 != value2
-        value1 = HighLine.new.ask('Enter the value to encrypt:') { |q| q.echo = '*' }
-        value2 = HighLine.new.ask('Re-enter the value to encrypt:') { |q| q.echo = '*' }
+        value1 = HighLine.new.ask("Enter the value to encrypt:") { |q| q.echo = "*" }
+        value2 = HighLine.new.ask("Re-enter the value to encrypt:") { |q| q.echo = "*" }
 
-        puts('Values do not match, please try again') if value1 != value2
+        puts("Values do not match, please try again") if value1 != value2
       end
       compress  = false if compress.nil?
       encrypted = SymmetricEncryption.cipher(version).encrypt(value1, compress: compress)
-      output_file_name ? File.open(output_file_name, 'wb') { |f| f << encrypted } : puts("\n\nEncrypted: #{encrypted}\n\n")
+      output_file_name ? File.open(output_file_name, "wb") { |f| f << encrypted } : puts("\n\nEncrypted: #{encrypted}\n\n")
     end
 
     def gen_random_password(size)
@@ -328,7 +346,7 @@ module SymmetricEncryption
       puts("\nGenerated Password: #{p}")
       encrypted = SymmetricEncryption.encrypt(p)
       puts("Encrypted: #{encrypted}\n\n")
-      File.open(output_file_name, 'wb') { |f| f << encrypted } if output_file_name
+      File.open(output_file_name, "wb") { |f| f << encrypted } if output_file_name
     end
 
     def current_version

data/lib/symmetric_encryption/coerce.rb

@@ -14,7 +14,7 @@ module SymmetricEncryption
     # Coerce given value into given type
     # Does not coerce json or yaml values
     def self.coerce(value, type, from_type = nil)
-      return value if value.nil? || (value == '')
+      return value if value.nil? || (value == "")
 
       from_type ||= value.class
       case type
@@ -32,7 +32,7 @@ module SymmetricEncryption
     # Note: if the type is :string, then the value is returned as is, and the
     #   coercible gem is not used at all.
     def self.coerce_from_string(value, type)
-      return value if value.nil? || (value == '')
+      return value if value.nil? || (value == "")
 
       case type
       when :string
@@ -50,7 +50,7 @@ module SymmetricEncryption
     # Note: if the type is :string, and value is not nil, then #to_s is called
     #   on the value and the coercible gem is not used at all.
     def self.coerce_to_string(value, type)
-      return value if value.nil? || (value == '')
+      return value if value.nil? || (value == "")
 
       case type
       when :string

data/lib/symmetric_encryption/config.rb

@@ -1,5 +1,5 @@
-require 'erb'
-require 'yaml'
+require "erb"
+require "yaml"
 module SymmetricEncryption
   class Config
     attr_reader :file_name, :env
@@ -27,7 +27,7 @@ module SymmetricEncryption
 
     # Reads the entire configuration for all environments from the supplied file name.
     def self.read_file(file_name)
-      config = YAML.load(ERB.new(File.new(file_name).read).result)
+      config = load_yaml(ERB.new(File.new(file_name).read).result)
       config = deep_symbolize_keys(config)
       config.each_pair { |_env, cfg| SymmetricEncryption::Config.send(:migrate_old_formats!, cfg) }
       config
@@ -36,12 +36,14 @@ module SymmetricEncryption
     # Write the entire configuration for all environments to the supplied file name.
     def self.write_file(file_name, config)
       config = deep_stringify_keys(config)
-      File.open(file_name, 'w') do |f|
-        f.puts '# This file was auto generated by symmetric-encryption.'
-        f.puts '# Recommend using symmetric-encryption to make changes.'
-        f.puts '# For more info, run:'
-        f.puts '#   symmetric-encryption --help'
-        f.puts '#'
+
+      FileUtils.mkdir_p(File.dirname(file_name))
+      File.open(file_name, "w") do |f|
+        f.puts "# This file was auto generated by symmetric-encryption."
+        f.puts "# Recommend using symmetric-encryption to make changes."
+        f.puts "# For more info, run:"
+        f.puts "#   symmetric-encryption --help"
+        f.puts "#"
         f.write(config.to_yaml)
       end
     end
@@ -50,15 +52,15 @@ module SymmetricEncryption
     #
     # See: `.load!` for parameters.
     def initialize(file_name: nil, env: nil)
-      env ||= defined?(Rails) ? Rails.env : ENV['RACK_ENV'] || ENV['RAILS_ENV'] || 'development'
+      env ||= defined?(Rails) ? Rails.env : ENV["RACK_ENV"] || ENV["RAILS_ENV"] || "development"
 
       unless file_name
-        root          = defined?(Rails) ? Rails.root : '.'
-        file_name     =
-          if (env_var = ENV['SYMMETRIC_ENCRYPTION_CONFIG'])
+        root      = defined?(Rails) ? Rails.root : "."
+        file_name =
+          if (env_var = ENV["SYMMETRIC_ENCRYPTION_CONFIG"])
             File.expand_path(env_var)
           else
-            File.join(root, 'config', 'symmetric-encryption.yml')
+            File.join(root, "config", "symmetric-encryption.yml")
           end
         raise(ConfigError, "Cannot find config file: #{file_name}") unless File.exist?(file_name)
       end
@@ -69,20 +71,21 @@ module SymmetricEncryption
 
     # Returns [Hash] the configuration for the supplied environment.
     def config
-      @config ||= begin
-        raise(ConfigError, "Cannot find config file: #{file_name}") unless File.exist?(file_name)
+      @config ||=
+        begin
+          raise(ConfigError, "Cannot find config file: #{file_name}") unless File.exist?(file_name)
 
-        env_config = YAML.load(ERB.new(File.new(file_name).read).result)[env]
-        raise(ConfigError, "Cannot find environment: #{env} in config file: #{file_name}") unless env_config
+          env_config = self.class.load_yaml(ERB.new(File.new(file_name).read).result)[env]
+          raise(ConfigError, "Cannot find environment: #{env} in config file: #{file_name}") unless env_config
 
-        env_config = self.class.send(:deep_symbolize_keys, env_config)
-        self.class.send(:migrate_old_formats!, env_config)
-      end
+          env_config = self.class.send(:deep_symbolize_keys, env_config)
+          self.class.send(:migrate_old_formats!, env_config)
+        end
     end
 
-    # Returns [Array(SymmetricEncrytion::Cipher)] ciphers specified in the configuration file.
+    # Returns [Array(SymmetricEncryption::Cipher)] ciphers specified in the configuration file.
     def ciphers
-      @ciphers ||= config[:ciphers].collect { |cipher_config| Cipher.from_config(cipher_config) }
+      @ciphers ||= config[:ciphers].collect { |cipher_config| Cipher.from_config(**cipher_config) }
     end
 
     # Iterate through the Hash symbolizing all keys.
@@ -127,22 +130,22 @@ module SymmetricEncryption
     def self.migrate_old_formats!(config)
       # Inline single cipher before :ciphers
       unless config.key?(:ciphers)
-        inline_cipher                               = {}
+        inline_cipher = {}
         config.keys.each { |key| inline_cipher[key] = config.delete(key) }
-        config[:ciphers]                            = [inline_cipher]
+        config[:ciphers] = [inline_cipher]
       end
 
       # Copy Old :private_rsa_key into each ciphers config
       # Cipher.from_config replaces it with the RSA Kek
       if config[:private_rsa_key]
-        private_rsa_key                                           = config.delete(:private_rsa_key)
+        private_rsa_key = config.delete(:private_rsa_key)
         config[:ciphers].each { |cipher| cipher[:private_rsa_key] = private_rsa_key }
       end
 
       # Old :cipher_name
       config[:ciphers].each do |cipher|
         if (old_key_name_cipher = cipher.delete(:cipher))
-          cipher[:cipher_name]  = old_key_name_cipher
+          cipher[:cipher_name] = old_key_name_cipher
         end
 
         # Only temporarily used during v4 Beta process
@@ -153,12 +156,18 @@ module SymmetricEncryption
         #   encrypted_key: <%= ENV['VAR'] %>
         if cipher.key?(:encrypted_key) && cipher[:encrypted_key].nil?
           cipher[:key_env_var] = :placeholder
-          puts 'WARNING: :encrypted_key resolved to nil. Please see the migrated config file for the new option :key_env_var.'
+          puts "WARNING: :encrypted_key resolved to nil. Please see the migrated config file for the new option :key_env_var."
         end
       end
       config
     end
 
     private_class_method :migrate_old_formats!
+
+    def self.load_yaml(src)
+      return YAML.safe_load(src, permitted_classes: [Symbol], aliases: true) if Psych::VERSION.to_i >= 4
+
+      YAML.load(src)
+    end
   end
 end

data/lib/symmetric_encryption/core.rb

@@ -0,0 +1,35 @@
+# Used for compression
+require "zlib"
+# Used to coerce data types between string and their actual types
+require "coercible"
+
+require "symmetric_encryption/version"
+require "symmetric_encryption/cipher"
+require "symmetric_encryption/symmetric_encryption"
+require "symmetric_encryption/exception"
+
+# @formatter:off
+module SymmetricEncryption
+  autoload :Coerce,                 "symmetric_encryption/coerce"
+  autoload :Config,                 "symmetric_encryption/config"
+  autoload :Encoder,                "symmetric_encryption/encoder"
+  autoload :EncryptedStringType,    "symmetric_encryption/types/encrypted_string_type"
+  autoload :Generator,              "symmetric_encryption/generator"
+  autoload :Header,                 "symmetric_encryption/header"
+  autoload :Key,                    "symmetric_encryption/key"
+  autoload :Reader,                 "symmetric_encryption/reader"
+  autoload :RSAKey,                 "symmetric_encryption/rsa_key"
+  autoload :Writer,                 "symmetric_encryption/writer"
+  autoload :CLI,                    "symmetric_encryption/cli"
+  autoload :Keystore,               "symmetric_encryption/keystore"
+  module ActiveRecord
+    autoload :EncryptedAttribute,   "symmetric_encryption/active_record/encrypted_attribute"
+  end
+
+  module Utils
+    autoload :Aws,                  "symmetric_encryption/utils/aws"
+    autoload :Files,                "symmetric_encryption/utils/files"
+    autoload :ReEncryptFiles,       "symmetric_encryption/utils/re_encrypt_files"
+  end
+end
+# @formatter:on

data/lib/symmetric_encryption/encoder.rb

@@ -6,6 +6,8 @@ module SymmetricEncryption
         Base64.new
       when :base64strict
         Base64Strict.new
+      when :base64urlsafe
+        Base64UrlSafe.new
       when :base16
         Base16.new
       when :none
@@ -35,14 +37,14 @@ module SymmetricEncryption
 
     class Base64
       def encode(binary_string)
-        return binary_string if binary_string.nil? || (binary_string == '')
+        return binary_string if binary_string.nil? || (binary_string == "")
 
         encoded_string = ::Base64.encode64(binary_string)
         encoded_string.force_encoding(SymmetricEncryption::UTF8_ENCODING)
       end
 
       def decode(encoded_string)
-        return encoded_string if encoded_string.nil? || (encoded_string == '')
+        return encoded_string if encoded_string.nil? || (encoded_string == "")
 
         decoded_string = ::Base64.decode64(encoded_string)
         decoded_string.force_encoding(SymmetricEncryption::BINARY_ENCODING)
@@ -51,32 +53,48 @@ module SymmetricEncryption
 
     class Base64Strict
       def encode(binary_string)
-        return binary_string if binary_string.nil? || (binary_string == '')
+        return binary_string if binary_string.nil? || (binary_string == "")
 
         encoded_string = ::Base64.strict_encode64(binary_string)
         encoded_string.force_encoding(SymmetricEncryption::UTF8_ENCODING)
       end
 
       def decode(encoded_string)
-        return encoded_string if encoded_string.nil? || (encoded_string == '')
+        return encoded_string if encoded_string.nil? || (encoded_string == "")
 
         decoded_string = ::Base64.decode64(encoded_string)
         decoded_string.force_encoding(SymmetricEncryption::BINARY_ENCODING)
       end
     end
 
+    class Base64UrlSafe
+      def encode(binary_string)
+        return binary_string if binary_string.nil? || (binary_string == "")
+
+        encoded_string = ::Base64.urlsafe_encode64(binary_string)
+        encoded_string.force_encoding(SymmetricEncryption::UTF8_ENCODING)
+      end
+
+      def decode(encoded_string)
+        return encoded_string if encoded_string.nil? || (encoded_string == "")
+
+        decoded_string = ::Base64.urlsafe_decode64(encoded_string)
+        decoded_string.force_encoding(SymmetricEncryption::BINARY_ENCODING)
+      end
+    end
+
     class Base16
       def encode(binary_string)
-        return binary_string if binary_string.nil? || (binary_string == '')
+        return binary_string if binary_string.nil? || (binary_string == "")
 
-        encoded_string = binary_string.to_s.unpack('H*').first
+        encoded_string = binary_string.to_s.unpack("H*").first
         encoded_string.force_encoding(SymmetricEncryption::UTF8_ENCODING)
       end
 
       def decode(encoded_string)
-        return encoded_string if encoded_string.nil? || (encoded_string == '')
+        return encoded_string if encoded_string.nil? || (encoded_string == "")
 
-        decoded_string = [encoded_string].pack('H*')
+        decoded_string = [encoded_string].pack("H*")
         decoded_string.force_encoding(SymmetricEncryption::BINARY_ENCODING)
       end
     end

data/lib/symmetric_encryption/generator.rb

@@ -8,11 +8,15 @@ module SymmetricEncryption
       compress  = options.delete(:compress) || false
       type      = options.delete(:type) || :string
 
-      raise(ArgumentError, "SymmetricEncryption Invalid options #{options.inspect} when encrypting '#{decrypted_name}'") unless options.empty?
-      raise(ArgumentError, "Invalid type: #{type.inspect}. Valid types: #{SymmetricEncryption::COERCION_TYPES.inspect}") unless SymmetricEncryption::COERCION_TYPES.include?(type)
+      unless options.empty?
+        raise(ArgumentError, "SymmetricEncryption Invalid options #{options.inspect} when encrypting '#{decrypted_name}'")
+      end
+      unless SymmetricEncryption::COERCION_TYPES.include?(type)
+        raise(ArgumentError, "Invalid type: #{type.inspect}. Valid types: #{SymmetricEncryption::COERCION_TYPES.inspect}")
+      end
 
       if model.const_defined?(:EncryptedAttributes, _search_ancestors = false)
-        mod                                                           = model.const_get(:EncryptedAttributes)
+        mod = model.const_get(:EncryptedAttributes)
       else
         mod = model.const_set(:EncryptedAttributes, Module.new)
         model.send(:include, mod)