symmetric-encryption 4.1.2 → 4.5.0
- checksums.yaml +4 -4
- data/README.md +5 -7
- data/Rakefile +9 -9
- data/bin/symmetric-encryption +1 -1
- data/lib/symmetric-encryption.rb +1 -1
- data/lib/symmetric_encryption/active_record/attr_encrypted.rb +129 -0
- data/lib/symmetric_encryption/active_record/encrypted_attribute.rb +37 -0
- data/lib/symmetric_encryption/cipher.rb +20 -14
- data/lib/symmetric_encryption/cli.rb +76 -58
- data/lib/symmetric_encryption/coerce.rb +3 -3
- data/lib/symmetric_encryption/config.rb +37 -28
- data/lib/symmetric_encryption/core.rb +35 -0
- data/lib/symmetric_encryption/encoder.rb +26 -8
- data/lib/symmetric_encryption/generator.rb +7 -3
- data/lib/symmetric_encryption/header.rb +24 -24
- data/lib/symmetric_encryption/key.rb +1 -1
- data/lib/symmetric_encryption/keystore/aws.rb +14 -32
- data/lib/symmetric_encryption/keystore/environment.rb +5 -5
- data/lib/symmetric_encryption/keystore/file.rb +34 -17
- data/lib/symmetric_encryption/keystore/gcp.rb +90 -0
- data/lib/symmetric_encryption/keystore/heroku.rb +1 -1
- data/lib/symmetric_encryption/keystore/memory.rb +3 -3
- data/lib/symmetric_encryption/keystore.rb +23 -22
- data/lib/symmetric_encryption/railtie.rb +14 -13
- data/lib/symmetric_encryption/{extensions/mongoid/encrypted.rb → railties/mongoid_encrypted.rb} +5 -4
- data/lib/symmetric_encryption/railties/symmetric_encryption_validator.rb +1 -1
- data/lib/symmetric_encryption/reader.rb +13 -13
- data/lib/symmetric_encryption/rsa_key.rb +1 -1
- data/lib/symmetric_encryption/symmetric_encryption.rb +56 -36
- data/lib/symmetric_encryption/utils/aws.rb +8 -10
- data/lib/symmetric_encryption/utils/files.rb +45 -0
- data/lib/symmetric_encryption/utils/re_encrypt_files.rb +11 -11
- data/lib/symmetric_encryption/version.rb +1 -1
- data/lib/symmetric_encryption/writer.rb +20 -13
- data/lib/symmetric_encryption.rb +19 -49
- metadata +14 -13
- data/lib/symmetric_encryption/extensions/active_record/base.rb +0 -110
- data/lib/symmetric_encryption/extensions/mongo_mapper/plugins/encrypted_key.rb +0 -41
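--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: symmetric-encryption
 version: !ruby/object:Gem::Version
-version: 4.
+version: 4.5.0
 platform: ruby
 authors:
 - Reid Morrison
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2022-04-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: coercible
@@ -24,9 +24,8 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.0'
-description:
+description:
 email:
-- reidmo@gmail.com
 executables:
 - symmetric-encryption
 extensions: []
@@ -38,15 +37,15 @@ files:
 - bin/symmetric-encryption
 - lib/symmetric-encryption.rb
 - lib/symmetric_encryption.rb
+- lib/symmetric_encryption/active_record/attr_encrypted.rb
+- lib/symmetric_encryption/active_record/encrypted_attribute.rb
 - lib/symmetric_encryption/cipher.rb
 - lib/symmetric_encryption/cli.rb
 - lib/symmetric_encryption/coerce.rb
 - lib/symmetric_encryption/config.rb
+- lib/symmetric_encryption/core.rb
 - lib/symmetric_encryption/encoder.rb
 - lib/symmetric_encryption/exception.rb
-- lib/symmetric_encryption/extensions/active_record/base.rb
-- lib/symmetric_encryption/extensions/mongo_mapper/plugins/encrypted_key.rb
-- lib/symmetric_encryption/extensions/mongoid/encrypted.rb
 - lib/symmetric_encryption/generator.rb
 - lib/symmetric_encryption/header.rb
 - lib/symmetric_encryption/key.rb
@@ -54,22 +53,25 @@ files:
 - lib/symmetric_encryption/keystore/aws.rb
 - lib/symmetric_encryption/keystore/environment.rb
 - lib/symmetric_encryption/keystore/file.rb
+- lib/symmetric_encryption/keystore/gcp.rb
 - lib/symmetric_encryption/keystore/heroku.rb
 - lib/symmetric_encryption/keystore/memory.rb
 - lib/symmetric_encryption/railtie.rb
+- lib/symmetric_encryption/railties/mongoid_encrypted.rb
 - lib/symmetric_encryption/railties/symmetric_encryption_validator.rb
 - lib/symmetric_encryption/reader.rb
 - lib/symmetric_encryption/rsa_key.rb
 - lib/symmetric_encryption/symmetric_encryption.rb
 - lib/symmetric_encryption/utils/aws.rb
+- lib/symmetric_encryption/utils/files.rb
 - lib/symmetric_encryption/utils/re_encrypt_files.rb
 - lib/symmetric_encryption/version.rb
 - lib/symmetric_encryption/writer.rb
-homepage:
+homepage: https://encryption.rocketjob.io
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -84,9 +86,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-
-signing_key:
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
 summary: Encrypt ActiveRecord and Mongoid attributes, files and passwords in configuration
 files.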
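--- a/data/lib/symmetric_encryption/extensions/active_record/base.rb
+++ b/data/lib/symmetric_encryption/extensions/active_record/base.rb
@@ -1,110 +0,0 @@
-module ActiveRecord #:nodoc:
-class Base
-# Transparently encrypt and decrypt values stored via ActiveRecord.
-#
-# Parameters:
-# * Symbolic names of each method to create which has a corresponding
-# method already defined in rails starting with: encrypted_
-# * Followed by an optional hash:
-# :random_iv [true|false]
-# Whether the encrypted value should use a random IV every time the
-# field is encrypted.
-# It is recommended to set this to true where feasible. If the encrypted
-# value could be used as part of a SQL where clause, or as part
-# of any lookup, then it must be false.
-# Setting random_iv to true will result in a different encrypted output for
-# the same input string.
-# Note: Only set to true if the field will never be used as part of
-# the where clause in an SQL query.
-# Note: When random_iv is true it will add a 8 byte header, plus the bytes
-# to store the random IV in every returned encrypted string, prior to the
-# encoding if any.
-# Default: false
-# Highly Recommended where feasible: true
-#
-# :type [Symbol]
-# The type for this field, #see SymmetricEncryption::COERCION_TYPES
-# Default: :string
-#
-# :compress [true|false]
-# Whether to compress str before encryption
-# Should only be used for large strings since compression overhead and
-# the overhead of adding the 'magic' header may exceed any benefits of
-# compression
-# Note: Adds a 6 byte header prior to encoding, only if :random_iv is false
-# Default: false
-def self.attr_encrypted(*params)
-# Ensure ActiveRecord has created all its methods first
-# Ignore failures since the table may not yet actually exist
-begin
-define_attribute_methods
-rescue StandardError
-nil
-end
-
-options = params.last.is_a?(Hash) ? params.pop.dup : {}
-
-params.each do |attribute|
-SymmetricEncryption::Generator.generate_decrypted_accessors(self, attribute, "encrypted_#{attribute}", options)
-encrypted_attributes[attribute.to_sym] = "encrypted_#{attribute}".to_sym
-end
-end
-
-# Contains a hash of encrypted attributes with virtual attribute names as keys and real attribute
-# names as values
-#
-# Example
-#
-# class User < ActiveRecord::Base
-# attr_encrypted :email
-# end
-#
-# User.encrypted_attributes => { email: encrypted_email }
-def self.encrypted_attributes
-@encrypted_attributes ||= superclass.respond_to?(:encrypted_attributes) ? superclass.encrypted_attributes.dup : {}
-end
-
-# Return the name of all encrypted virtual attributes as an Array of symbols
-# Example: [:email, :password]
-def self.encrypted_keys
-@encrypted_keys ||= encrypted_attributes.keys
-end
-
-# Return the name of all encrypted columns as an Array of symbols
-# Example: [:encrypted_email, :encrypted_password]
-def self.encrypted_columns
-@encrypted_columns ||= encrypted_attributes.values
-end
-
-# Returns whether an attribute has been configured to be encrypted
-#
-# Example
-#
-# class User < ActiveRecord::Base
-# attr_accessor :name
-# attr_encrypted :email
-# end
-#
-# User.encrypted_attribute?(:name) # false
-# User.encrypted_attribute?(:email) # true
-def self.encrypted_attribute?(attribute)
-encrypted_keys.include?(attribute)
-end
-
-# Returns whether the attribute is the database column to hold the
-# encrypted data for a matching encrypted attribute
-#
-# Example
-#
-# class User < ActiveRecord::Base
-# attr_accessor :name
-# attr_encrypted :email
-# end
-#
-# User.encrypted_column?(:encrypted_name) # false
-# User.encrypted_column?(:encrypted_email) # true
-def self.encrypted_column?(attribute)
-encrypted_columns.include?(attribute)
-end
-end
-end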
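--- a/data/lib/symmetric_encryption/extensions/mongo_mapper/plugins/encrypted_key.rb
+++ b/data/lib/symmetric_encryption/extensions/mongo_mapper/plugins/encrypted_key.rb
@@ -1,41 +0,0 @@
-#
-# DEPRECATED !!!
-#
-module MongoMapper
-module Plugins
-module EncryptedKey
-extend ActiveSupport::Concern
-
-COERCION_MAP = {
-String => :string,
-Integer => :integer,
-Float => :float,
-BigDecimal => :decimal,
-DateTime => :datetime,
-Time => :time,
-Date => :date,
-Boolean => :boolean,
-Hash => :json
-}.freeze
-
-module ClassMethods
-def encrypted_key(key_name, type, full_options = {})
-full_options = full_options.is_a?(Hash) ? full_options.dup : {}
-options = full_options.delete(:encrypted) || {}
-# Support overriding the name of the decrypted attribute
-encrypted_key_name = options.delete(:encrypt_as) || "encrypted_#{key_name}"
-options[:type] = COERCION_MAP[type] unless %i[yaml json].include?(options[:type])
-
-raise(ArgumentError, "Invalid type: #{type.inspect}. Valid types: #{COERCION_MAP.keys.join(',')}") unless options[:type]
-
-SymmetricEncryption::Generator.generate_decrypted_accessors(self, key_name, encrypted_key_name, options)
-
-key(encrypted_key_name, String, full_options)
-end
-end
-end
-end
-end
-
-MongoMapper::Document.plugin(MongoMapper::Plugins::EncryptedKey)
-MongoMapper::EmbeddedDocument.plugin(MongoMapper::Plugins::EncryptedKey)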