symmetric-encryption 4.2.1 → 4.3.3

data/lib/symmetric_encryption/coerce.rb

@@ -14,7 +14,7 @@ module SymmetricEncryption
     # Coerce given value into given type
     # Does not coerce json or yaml values
     def self.coerce(value, type, from_type = nil)
-      return value if value.nil? || (value == '')
+      return value if value.nil? || (value == "")
 
       from_type ||= value.class
       case type
@@ -32,7 +32,7 @@ module SymmetricEncryption
     # Note: if the type is :string, then the value is returned as is, and the
     #   coercible gem is not used at all.
     def self.coerce_from_string(value, type)
-      return value if value.nil? || (value == '')
+      return value if value.nil? || (value == "")
 
       case type
       when :string
@@ -50,7 +50,7 @@ module SymmetricEncryption
     # Note: if the type is :string, and value is not nil, then #to_s is called
     #   on the value and the coercible gem is not used at all.
     def self.coerce_to_string(value, type)
-      return value if value.nil? || (value == '')
+      return value if value.nil? || (value == "")
 
       case type
       when :string

data/lib/symmetric_encryption/config.rb

@@ -1,5 +1,5 @@
-require 'erb'
-require 'yaml'
+require "erb"
+require "yaml"
 module SymmetricEncryption
   class Config
     attr_reader :file_name, :env
@@ -38,12 +38,12 @@ module SymmetricEncryption
       config = deep_stringify_keys(config)
 
       FileUtils.mkdir_p(File.dirname(file_name))
-      File.open(file_name, 'w') do |f|
-        f.puts '# This file was auto generated by symmetric-encryption.'
-        f.puts '# Recommend using symmetric-encryption to make changes.'
-        f.puts '# For more info, run:'
-        f.puts '#   symmetric-encryption --help'
-        f.puts '#'
+      File.open(file_name, "w") do |f|
+        f.puts "# This file was auto generated by symmetric-encryption."
+        f.puts "# Recommend using symmetric-encryption to make changes."
+        f.puts "# For more info, run:"
+        f.puts "#   symmetric-encryption --help"
+        f.puts "#"
         f.write(config.to_yaml)
       end
     end
@@ -52,15 +52,15 @@ module SymmetricEncryption
     #
     # See: `.load!` for parameters.
     def initialize(file_name: nil, env: nil)
-      env ||= defined?(Rails) ? Rails.env : ENV['RACK_ENV'] || ENV['RAILS_ENV'] || 'development'
+      env ||= defined?(Rails) ? Rails.env : ENV["RACK_ENV"] || ENV["RAILS_ENV"] || "development"
 
       unless file_name
-        root          = defined?(Rails) ? Rails.root : '.'
-        file_name     =
-          if (env_var = ENV['SYMMETRIC_ENCRYPTION_CONFIG'])
+        root      = defined?(Rails) ? Rails.root : "."
+        file_name =
+          if (env_var = ENV["SYMMETRIC_ENCRYPTION_CONFIG"])
             File.expand_path(env_var)
           else
-            File.join(root, 'config', 'symmetric-encryption.yml')
+            File.join(root, "config", "symmetric-encryption.yml")
           end
         raise(ConfigError, "Cannot find config file: #{file_name}") unless File.exist?(file_name)
       end
@@ -71,20 +71,21 @@ module SymmetricEncryption
 
     # Returns [Hash] the configuration for the supplied environment.
     def config
-      @config ||= begin
-        raise(ConfigError, "Cannot find config file: #{file_name}") unless File.exist?(file_name)
+      @config ||=
+        begin
+          raise(ConfigError, "Cannot find config file: #{file_name}") unless File.exist?(file_name)
 
-        env_config = YAML.load(ERB.new(File.new(file_name).read).result)[env]
-        raise(ConfigError, "Cannot find environment: #{env} in config file: #{file_name}") unless env_config
+          env_config = YAML.load(ERB.new(File.new(file_name).read).result)[env]
+          raise(ConfigError, "Cannot find environment: #{env} in config file: #{file_name}") unless env_config
 
-        env_config = self.class.send(:deep_symbolize_keys, env_config)
-        self.class.send(:migrate_old_formats!, env_config)
-      end
+          env_config = self.class.send(:deep_symbolize_keys, env_config)
+          self.class.send(:migrate_old_formats!, env_config)
+        end
     end
 
-    # Returns [Array(SymmetricEncrytion::Cipher)] ciphers specified in the configuration file.
+    # Returns [Array(SymmetricEncryption::Cipher)] ciphers specified in the configuration file.
     def ciphers
-      @ciphers ||= config[:ciphers].collect { |cipher_config| Cipher.from_config(cipher_config) }
+      @ciphers ||= config[:ciphers].collect { |cipher_config| Cipher.from_config(**cipher_config) }
     end
 
     # Iterate through the Hash symbolizing all keys.
@@ -129,22 +130,22 @@ module SymmetricEncryption
     def self.migrate_old_formats!(config)
       # Inline single cipher before :ciphers
       unless config.key?(:ciphers)
-        inline_cipher                               = {}
+        inline_cipher = {}
         config.keys.each { |key| inline_cipher[key] = config.delete(key) }
-        config[:ciphers]                            = [inline_cipher]
+        config[:ciphers] = [inline_cipher]
       end
 
       # Copy Old :private_rsa_key into each ciphers config
       # Cipher.from_config replaces it with the RSA Kek
       if config[:private_rsa_key]
-        private_rsa_key                                           = config.delete(:private_rsa_key)
+        private_rsa_key = config.delete(:private_rsa_key)
         config[:ciphers].each { |cipher| cipher[:private_rsa_key] = private_rsa_key }
       end
 
       # Old :cipher_name
       config[:ciphers].each do |cipher|
         if (old_key_name_cipher = cipher.delete(:cipher))
-          cipher[:cipher_name]  = old_key_name_cipher
+          cipher[:cipher_name] = old_key_name_cipher
         end
 
         # Only temporarily used during v4 Beta process
@@ -155,7 +156,7 @@ module SymmetricEncryption
         #   encrypted_key: <%= ENV['VAR'] %>
         if cipher.key?(:encrypted_key) && cipher[:encrypted_key].nil?
           cipher[:key_env_var] = :placeholder
-          puts 'WARNING: :encrypted_key resolved to nil. Please see the migrated config file for the new option :key_env_var.'
+          puts "WARNING: :encrypted_key resolved to nil. Please see the migrated config file for the new option :key_env_var."
         end
       end
       config

data/lib/symmetric_encryption/core.rb

@@ -1,30 +1,35 @@
 # Used for compression
-require 'zlib'
+require "zlib"
 # Used to coerce data types between string and their actual types
-require 'coercible'
+require "coercible"
 
-require 'symmetric_encryption/version'
-require 'symmetric_encryption/cipher'
-require 'symmetric_encryption/symmetric_encryption'
-require 'symmetric_encryption/exception'
+require "symmetric_encryption/version"
+require "symmetric_encryption/cipher"
+require "symmetric_encryption/symmetric_encryption"
+require "symmetric_encryption/exception"
 
 # @formatter:off
 module SymmetricEncryption
-  autoload :Coerce,                 'symmetric_encryption/coerce'
-  autoload :Config,                 'symmetric_encryption/config'
-  autoload :Encoder,                'symmetric_encryption/encoder'
-  autoload :Generator,              'symmetric_encryption/generator'
-  autoload :Header,                 'symmetric_encryption/header'
-  autoload :Key,                    'symmetric_encryption/key'
-  autoload :Reader,                 'symmetric_encryption/reader'
-  autoload :RSAKey,                 'symmetric_encryption/rsa_key'
-  autoload :Writer,                 'symmetric_encryption/writer'
-  autoload :CLI,                    'symmetric_encryption/cli'
-  autoload :Keystore,               'symmetric_encryption/keystore'
+  autoload :Coerce,                 "symmetric_encryption/coerce"
+  autoload :Config,                 "symmetric_encryption/config"
+  autoload :Encoder,                "symmetric_encryption/encoder"
+  autoload :EncryptedStringType,    "symmetric_encryption/types/encrypted_string_type"
+  autoload :Generator,              "symmetric_encryption/generator"
+  autoload :Header,                 "symmetric_encryption/header"
+  autoload :Key,                    "symmetric_encryption/key"
+  autoload :Reader,                 "symmetric_encryption/reader"
+  autoload :RSAKey,                 "symmetric_encryption/rsa_key"
+  autoload :Writer,                 "symmetric_encryption/writer"
+  autoload :CLI,                    "symmetric_encryption/cli"
+  autoload :Keystore,               "symmetric_encryption/keystore"
+  module ActiveRecord
+    autoload :EncryptedAttribute,   "symmetric_encryption/active_record/encrypted_attribute"
+  end
+
   module Utils
-    autoload :Aws,                  'symmetric_encryption/utils/aws'
-    autoload :Files,                'symmetric_encryption/utils/files'
-    autoload :ReEncryptFiles,       'symmetric_encryption/utils/re_encrypt_files'
+    autoload :Aws,                  "symmetric_encryption/utils/aws"
+    autoload :Files,                "symmetric_encryption/utils/files"
+    autoload :ReEncryptFiles,       "symmetric_encryption/utils/re_encrypt_files"
   end
 end
 # @formatter:on

data/lib/symmetric_encryption/encoder.rb

@@ -35,14 +35,14 @@ module SymmetricEncryption
 
     class Base64
       def encode(binary_string)
-        return binary_string if binary_string.nil? || (binary_string == '')
+        return binary_string if binary_string.nil? || (binary_string == "")
 
         encoded_string = ::Base64.encode64(binary_string)
         encoded_string.force_encoding(SymmetricEncryption::UTF8_ENCODING)
       end
 
       def decode(encoded_string)
-        return encoded_string if encoded_string.nil? || (encoded_string == '')
+        return encoded_string if encoded_string.nil? || (encoded_string == "")
 
         decoded_string = ::Base64.decode64(encoded_string)
         decoded_string.force_encoding(SymmetricEncryption::BINARY_ENCODING)
@@ -51,14 +51,14 @@ module SymmetricEncryption
 
     class Base64Strict
       def encode(binary_string)
-        return binary_string if binary_string.nil? || (binary_string == '')
+        return binary_string if binary_string.nil? || (binary_string == "")
 
         encoded_string = ::Base64.strict_encode64(binary_string)
         encoded_string.force_encoding(SymmetricEncryption::UTF8_ENCODING)
       end
 
       def decode(encoded_string)
-        return encoded_string if encoded_string.nil? || (encoded_string == '')
+        return encoded_string if encoded_string.nil? || (encoded_string == "")
 
         decoded_string = ::Base64.decode64(encoded_string)
         decoded_string.force_encoding(SymmetricEncryption::BINARY_ENCODING)
@@ -67,16 +67,16 @@ module SymmetricEncryption
 
     class Base16
       def encode(binary_string)
-        return binary_string if binary_string.nil? || (binary_string == '')
+        return binary_string if binary_string.nil? || (binary_string == "")
 
-        encoded_string = binary_string.to_s.unpack('H*').first
+        encoded_string = binary_string.to_s.unpack("H*").first
         encoded_string.force_encoding(SymmetricEncryption::UTF8_ENCODING)
       end
 
       def decode(encoded_string)
-        return encoded_string if encoded_string.nil? || (encoded_string == '')
+        return encoded_string if encoded_string.nil? || (encoded_string == "")
 
-        decoded_string = [encoded_string].pack('H*')
+        decoded_string = [encoded_string].pack("H*")
         decoded_string.force_encoding(SymmetricEncryption::BINARY_ENCODING)
       end
     end

data/lib/symmetric_encryption/generator.rb

@@ -8,11 +8,15 @@ module SymmetricEncryption
       compress  = options.delete(:compress) || false
       type      = options.delete(:type) || :string
 
-      raise(ArgumentError, "SymmetricEncryption Invalid options #{options.inspect} when encrypting '#{decrypted_name}'") unless options.empty?
-      raise(ArgumentError, "Invalid type: #{type.inspect}. Valid types: #{SymmetricEncryption::COERCION_TYPES.inspect}") unless SymmetricEncryption::COERCION_TYPES.include?(type)
+      unless options.empty?
+        raise(ArgumentError, "SymmetricEncryption Invalid options #{options.inspect} when encrypting '#{decrypted_name}'")
+      end
+      unless SymmetricEncryption::COERCION_TYPES.include?(type)
+        raise(ArgumentError, "Invalid type: #{type.inspect}. Valid types: #{SymmetricEncryption::COERCION_TYPES.inspect}")
+      end
 
       if model.const_defined?(:EncryptedAttributes, _search_ancestors = false)
-        mod                                                           = model.const_get(:EncryptedAttributes)
+        mod = model.const_get(:EncryptedAttributes)
       else
         mod = model.const_set(:EncryptedAttributes, Module.new)
         model.send(:include, mod)

data/lib/symmetric_encryption/header.rb

@@ -8,7 +8,7 @@ module SymmetricEncryption
   class Header
     # Encrypted data includes this header prior to encoding when
     # `always_add_header` is true.
-    MAGIC_HEADER      = '@EnC'.force_encoding(SymmetricEncryption::BINARY_ENCODING)
+    MAGIC_HEADER      = "@EnC".force_encoding(SymmetricEncryption::BINARY_ENCODING)
     MAGIC_HEADER_SIZE = MAGIC_HEADER.size
 
     # [true|false] Whether to compress the data before encryption.
@@ -37,7 +37,7 @@ module SymmetricEncryption
     # Returns whether the supplied buffer starts with a symmetric_encryption header
     # Note: The encoding of the supplied buffer is forced to binary if not already binary
     def self.present?(buffer)
-      return false if buffer.nil? || (buffer == '')
+      return false if buffer.nil? || (buffer == "")
 
       buffer.force_encoding(SymmetricEncryption::BINARY_ENCODING)
       buffer.start_with?(MAGIC_HEADER)
@@ -122,7 +122,7 @@ module SymmetricEncryption
     #
     # Returns 0 if no header is present
     def parse(buffer, offset = 0)
-      return 0 if buffer.nil? || (buffer == '') || (buffer.length <= MAGIC_HEADER_SIZE + 2)
+      return 0 if buffer.nil? || (buffer == "") || (buffer.length <= MAGIC_HEADER_SIZE + 2)
 
       # Symmetric Encryption Header
       #
@@ -153,7 +153,7 @@ module SymmetricEncryption
 
       # Remove header and extract flags
       self.version = buffer.getbyte(offset)
-      offset      += 1
+      offset += 1
 
       unless cipher
         raise(
@@ -162,34 +162,34 @@ module SymmetricEncryption
         )
       end
 
-      flags   = buffer.getbyte(offset)
+      flags = buffer.getbyte(offset)
       offset += 1
 
       self.compress = (flags & FLAG_COMPRESSED) != 0
 
-      if (flags & FLAG_IV) != 0
-        self.iv, offset = read_string(buffer, offset)
-      else
+      if (flags & FLAG_IV).zero?
         self.iv = nil
+      else
+        self.iv, offset = read_string(buffer, offset)
       end
 
-      if (flags & FLAG_KEY) != 0
+      if (flags & FLAG_KEY).zero?
+        self.key = nil
+      else
         encrypted_key, offset = read_string(buffer, offset)
         self.key              = cipher.binary_decrypt(encrypted_key)
-      else
-        self.key = nil
       end
 
-      if (flags & FLAG_CIPHER_NAME) != 0
-        self.cipher_name, offset = read_string(buffer, offset)
-      else
+      if (flags & FLAG_CIPHER_NAME).zero?
         self.cipher_name = nil
+      else
+        self.cipher_name, offset = read_string(buffer, offset)
       end
 
-      if (flags & FLAG_AUTH_TAG) != 0
-        self.auth_tag, offset = read_string(buffer, offset)
-      else
+      if (flags & FLAG_AUTH_TAG).zero?
         self.auth_tag = nil
+      else
+        self.auth_tag, offset = read_string(buffer, offset)
       end
 
       offset
@@ -197,7 +197,7 @@ module SymmetricEncryption
 
     # Returns [String] this header as a string
     def to_s
-      flags  = 0
+      flags = 0
       flags |= FLAG_COMPRESSED if compressed?
       flags |= FLAG_IV if iv
       flags |= FLAG_KEY if key
@@ -207,23 +207,23 @@ module SymmetricEncryption
       header = "#{MAGIC_HEADER}#{version.chr(SymmetricEncryption::BINARY_ENCODING)}#{flags.chr(SymmetricEncryption::BINARY_ENCODING)}"
 
       if iv
-        header << [iv.length].pack('v')
+        header << [iv.length].pack("v")
         header << iv
       end
 
       if key
         encrypted = cipher.binary_encrypt(key, header: false)
-        header << [encrypted.length].pack('v')
+        header << [encrypted.length].pack("v")
         header << encrypted
       end
 
       if cipher_name
-        header << [cipher_name.length].pack('v')
+        header << [cipher_name.length].pack("v")
         header << cipher_name
       end
 
       if auth_tag
-        header << [auth_tag.length].pack('v')
+        header << [auth_tag.length].pack("v")
         header << auth_tag
       end
 
@@ -258,9 +258,9 @@ module SymmetricEncryption
       #   Exception when
       #   - offset exceeds length of buffer
       #   byteslice truncates when too long, but returns nil when start is beyond end of buffer
-      len     = buffer.byteslice(offset, 2).unpack('v').first
+      len = buffer.byteslice(offset, 2).unpack("v").first
       offset += 2
-      out     = buffer.byteslice(offset, len)
+      out = buffer.byteslice(offset, len)
       [out, offset + len]
     end
   end

data/lib/symmetric_encryption/key.rb

@@ -3,7 +3,7 @@ module SymmetricEncryption
   class Key
     attr_reader :key, :iv, :cipher_name
 
-    def initialize(key: :random, iv: :random, cipher_name: 'aes-256-cbc')
+    def initialize(key: :random, iv: :random, cipher_name: "aes-256-cbc")
       @key         = key == :random ? ::OpenSSL::Cipher.new(cipher_name).random_key : key
       @iv          = iv == :random ? ::OpenSSL::Cipher.new(cipher_name).random_iv : iv
       @cipher_name = cipher_name

data/lib/symmetric_encryption/keystore.rb

@@ -2,12 +2,12 @@ module SymmetricEncryption
   # Encryption keys are secured in Keystores
   module Keystore
     # @formatter:off
-    autoload :Aws,         'symmetric_encryption/keystore/aws'
-    autoload :Environment, 'symmetric_encryption/keystore/environment'
-    autoload :Gcp,         'symmetric_encryption/keystore/gcp'
-    autoload :File,        'symmetric_encryption/keystore/file'
-    autoload :Heroku,      'symmetric_encryption/keystore/heroku'
-    autoload :Memory,      'symmetric_encryption/keystore/memory'
+    autoload :Aws,         "symmetric_encryption/keystore/aws"
+    autoload :Environment, "symmetric_encryption/keystore/environment"
+    autoload :Gcp,         "symmetric_encryption/keystore/gcp"
+    autoload :File,        "symmetric_encryption/keystore/file"
+    autoload :Heroku,      "symmetric_encryption/keystore/heroku"
+    autoload :Memory,      "symmetric_encryption/keystore/memory"
     # @formatter:on
 
     # Returns [Hash] a new keystore configuration after generating data keys for each environment.
@@ -56,7 +56,7 @@ module SymmetricEncryption
     # Notes:
     # * iv_filename is no longer supported and is removed when creating a new random cipher.
     #     * `iv` does not need to be encrypted and is included in the clear.
-    def self.rotate_keys!(full_config, environments: [], app_name:, rolling_deploy: false, keystore: nil)
+    def self.rotate_keys!(full_config, app_name:, environments: [], rolling_deploy: false, keystore: nil)
       full_config.each_pair do |environment, cfg|
         # Only rotate keys for specified environments. Default, all
         next if !environments.empty? && !environments.include?(environment.to_sym)
@@ -69,7 +69,7 @@ module SymmetricEncryption
         # Only generate new keys for keystore's that have a key encrypting key
         next unless config[:key_encrypting_key] || config[:private_rsa_key]
 
-        cipher_name = config[:cipher_name] || 'aes-256-cbc'
+        cipher_name = config[:cipher_name] || "aes-256-cbc"
 
         keystore_class = keystore ? constantize_symbol(keystore) : keystore_for(config)
 
@@ -80,7 +80,7 @@ module SymmetricEncryption
           environment: environment
         }
         args[:key_path] = ::File.dirname(config[:key_filename]) if config.key?(:key_filename)
-        new_data_key    = keystore_class.generate_data_key(args)
+        new_data_key    = keystore_class.generate_data_key(**args)
 
         # Add as second key so that key can be published now and only used in a later deploy.
         if rolling_deploy
@@ -95,7 +95,7 @@ module SymmetricEncryption
     # Rotates just the key encrypting keys for the current cipher version.
     # The existing data encryption key is not changed, it is secured using the
     # new key encrypting keys.
-    def self.rotate_key_encrypting_keys!(full_config, environments: [], app_name:)
+    def self.rotate_key_encrypting_keys!(full_config, app_name:, environments: [])
       full_config.each_pair do |environment, cfg|
         # Only rotate keys for specified environments. Default, all
         next if !environments.empty? && !environments.include?(environment.to_sym)
@@ -105,7 +105,7 @@ module SymmetricEncryption
         # Only generate new keys for keystore's that have a key encrypting key
         next unless config[:key_encrypting_key]
 
-        version  = config.delete(:version) || 1
+        version = config.delete(:version) || 1
         version -= 1
 
         always_add_header = config.delete(:always_add_header)
@@ -144,9 +144,9 @@ module SymmetricEncryption
         ciphers:
                  [
                    {
-                     key:         '1234567890ABCDEF',
-                     iv:          '1234567890ABCDEF',
-                     cipher_name: 'aes-128-cbc',
+                     key:         "1234567890ABCDEF",
+                     iv:          "1234567890ABCDEF",
+                     cipher_name: "aes-128-cbc",
                      version:     1
                    }
                  ]
@@ -156,7 +156,7 @@ module SymmetricEncryption
     # Returns [Key] by recursively navigating the config tree.
     #
     # Supports N level deep key encrypting keys.
-    def self.read_key(key: nil, iv:, key_encrypting_key: nil, cipher_name: 'aes-256-cbc', keystore: nil, version: 0, **args)
+    def self.read_key(iv:, key: nil, key_encrypting_key: nil, cipher_name: "aes-256-cbc", keystore: nil, version: 0, **args)
       if key_encrypting_key.is_a?(Hash)
         # Recurse up the chain returning the parent key_encrypting_key
         key_encrypting_key = read_key(cipher_name: cipher_name, **key_encrypting_key)
@@ -185,11 +185,11 @@ module SymmetricEncryption
       elsif config[:key_env_var]
         Keystore::Environment
       else
-        raise(ArgumentError, 'Unknown keystore supplied in config')
+        raise(ArgumentError, "Unknown keystore supplied in config")
       end
     end
 
-    def self.constantize_symbol(symbol, namespace = 'SymmetricEncryption::Keystore')
+    def self.constantize_symbol(symbol, namespace = "SymmetricEncryption::Keystore")
       klass = "#{namespace}::#{camelize(symbol.to_s)}"
       begin
         Object.const_get(klass)
@@ -202,8 +202,8 @@ module SymmetricEncryption
     def self.camelize(term)
       string = term.to_s
       string = string.sub(/^[a-z\d]*/, &:capitalize)
-      string.gsub!(/(?:_|(\/))([a-z\d]*)/i) { "#{Regexp.last_match(1)}#{Regexp.last_match(2).capitalize}" }
-      string.gsub!('/'.freeze, '::'.freeze)
+      string.gsub!(%r{(?:_|(/))([a-z\d]*)}i) { "#{Regexp.last_match(1)}#{Regexp.last_match(2).capitalize}" }
+      string.gsub!("/".freeze, "::".freeze)
       string
     end
 
@@ -220,12 +220,12 @@ module SymmetricEncryption
 
       # Migrate old encrypted_iv
       if (encrypted_iv = config.delete(:encrypted_iv)) && private_rsa_key
-        encrypted_iv   = RSAKey.new(private_rsa_key).decrypt(encrypted_iv)
-        config[:iv]    = ::Base64.decode64(encrypted_iv)
+        encrypted_iv = RSAKey.new(private_rsa_key).decrypt(encrypted_iv)
+        config[:iv]  = ::Base64.decode64(encrypted_iv)
       end
 
       # Migrate old iv_filename
-      if (file_name  = config.delete(:iv_filename)) && private_rsa_key
+      if (file_name = config.delete(:iv_filename)) && private_rsa_key
         encrypted_iv = ::File.read(file_name)
         config[:iv]  = RSAKey.new(private_rsa_key).decrypt(encrypted_iv)
       end
@@ -234,7 +234,7 @@ module SymmetricEncryption
       config[:key_encrypting_key] = RSAKey.new(private_rsa_key) if private_rsa_key
 
       # Migrate old encrypted_key to new binary format
-      if (encrypted_key        = config[:encrypted_key]) && private_rsa_key
+      if (encrypted_key = config[:encrypted_key]) && private_rsa_key
         config[:encrypted_key] = ::Base64.decode64(encrypted_key)
       end
     end