symmetric-encryption 4.2.1 → 4.4.0

data/lib/symmetric_encryption/keystore/heroku.rb

@@ -15,7 +15,7 @@ module SymmetricEncryption
         puts "\n\n********************************************************************************"
         puts "Add the environment key to Heroku:\n\n"
         puts "  heroku config:add #{key_env_var}=#{encoder.encode(encrypted_key)}"
-        puts '********************************************************************************'
+        puts "********************************************************************************"
       end
     end
   end

data/lib/symmetric_encryption/keystore/memory.rb

@@ -12,10 +12,10 @@ module SymmetricEncryption
       # Notes:
       # * For development and testing purposes only!!
       # * Never store the encrypted encryption key in the source code / config file.
-      def self.generate_data_key(cipher_name:, app_name:, environment:, version: 0, dek: nil, **args)
+      def self.generate_data_key(cipher_name:, app_name:, environment:, version: 0, dek: nil, **_args)
         version >= 255 ? (version = 1) : (version += 1)
 
-        kek   = SymmetricEncryption::Key.new(cipher_name: cipher_name)
+        kek = SymmetricEncryption::Key.new(cipher_name: cipher_name)
         dek ||= SymmetricEncryption::Key.new(cipher_name: cipher_name)
 
         encrypted_key = new(key_encrypting_key: kek).write(dek.key)
@@ -35,7 +35,7 @@ module SymmetricEncryption
 
       # Stores the Encryption key in a string.
       # Secures the Encryption key by encrypting it with a key encryption key.
-      def initialize(encrypted_key: nil, key_encrypting_key:)
+      def initialize(key_encrypting_key:, encrypted_key: nil)
         @encrypted_key      = encrypted_key
         @key_encrypting_key = key_encrypting_key
       end

data/lib/symmetric_encryption/keystore.rb

@@ -2,12 +2,12 @@ module SymmetricEncryption
   # Encryption keys are secured in Keystores
   module Keystore
     # @formatter:off
-    autoload :Aws,         'symmetric_encryption/keystore/aws'
-    autoload :Environment, 'symmetric_encryption/keystore/environment'
-    autoload :Gcp,         'symmetric_encryption/keystore/gcp'
-    autoload :File,        'symmetric_encryption/keystore/file'
-    autoload :Heroku,      'symmetric_encryption/keystore/heroku'
-    autoload :Memory,      'symmetric_encryption/keystore/memory'
+    autoload :Aws,         "symmetric_encryption/keystore/aws"
+    autoload :Environment, "symmetric_encryption/keystore/environment"
+    autoload :Gcp,         "symmetric_encryption/keystore/gcp"
+    autoload :File,        "symmetric_encryption/keystore/file"
+    autoload :Heroku,      "symmetric_encryption/keystore/heroku"
+    autoload :Memory,      "symmetric_encryption/keystore/memory"
     # @formatter:on
 
     # Returns [Hash] a new keystore configuration after generating data keys for each environment.
@@ -56,7 +56,7 @@ module SymmetricEncryption
     # Notes:
     # * iv_filename is no longer supported and is removed when creating a new random cipher.
     #     * `iv` does not need to be encrypted and is included in the clear.
-    def self.rotate_keys!(full_config, environments: [], app_name:, rolling_deploy: false, keystore: nil)
+    def self.rotate_keys!(full_config, app_name:, environments: [], rolling_deploy: false, keystore: nil)
       full_config.each_pair do |environment, cfg|
         # Only rotate keys for specified environments. Default, all
         next if !environments.empty? && !environments.include?(environment.to_sym)
@@ -69,7 +69,7 @@ module SymmetricEncryption
         # Only generate new keys for keystore's that have a key encrypting key
         next unless config[:key_encrypting_key] || config[:private_rsa_key]
 
-        cipher_name = config[:cipher_name] || 'aes-256-cbc'
+        cipher_name = config[:cipher_name] || "aes-256-cbc"
 
         keystore_class = keystore ? constantize_symbol(keystore) : keystore_for(config)
 
@@ -80,7 +80,7 @@ module SymmetricEncryption
           environment: environment
         }
         args[:key_path] = ::File.dirname(config[:key_filename]) if config.key?(:key_filename)
-        new_data_key    = keystore_class.generate_data_key(args)
+        new_data_key    = keystore_class.generate_data_key(**args)
 
         # Add as second key so that key can be published now and only used in a later deploy.
         if rolling_deploy
@@ -95,7 +95,7 @@ module SymmetricEncryption
     # Rotates just the key encrypting keys for the current cipher version.
     # The existing data encryption key is not changed, it is secured using the
     # new key encrypting keys.
-    def self.rotate_key_encrypting_keys!(full_config, environments: [], app_name:)
+    def self.rotate_key_encrypting_keys!(full_config, app_name:, environments: [])
       full_config.each_pair do |environment, cfg|
         # Only rotate keys for specified environments. Default, all
         next if !environments.empty? && !environments.include?(environment.to_sym)
@@ -105,7 +105,7 @@ module SymmetricEncryption
         # Only generate new keys for keystore's that have a key encrypting key
         next unless config[:key_encrypting_key]
 
-        version  = config.delete(:version) || 1
+        version = config.delete(:version) || 1
         version -= 1
 
         always_add_header = config.delete(:always_add_header)
@@ -144,9 +144,9 @@ module SymmetricEncryption
         ciphers:
                  [
                    {
-                     key:         '1234567890ABCDEF',
-                     iv:          '1234567890ABCDEF',
-                     cipher_name: 'aes-128-cbc',
+                     key:         "1234567890ABCDEF",
+                     iv:          "1234567890ABCDEF",
+                     cipher_name: "aes-128-cbc",
                      version:     1
                    }
                  ]
@@ -156,7 +156,7 @@ module SymmetricEncryption
     # Returns [Key] by recursively navigating the config tree.
     #
     # Supports N level deep key encrypting keys.
-    def self.read_key(key: nil, iv:, key_encrypting_key: nil, cipher_name: 'aes-256-cbc', keystore: nil, version: 0, **args)
+    def self.read_key(iv:, key: nil, key_encrypting_key: nil, cipher_name: "aes-256-cbc", keystore: nil, version: 0, **args)
       if key_encrypting_key.is_a?(Hash)
         # Recurse up the chain returning the parent key_encrypting_key
         key_encrypting_key = read_key(cipher_name: cipher_name, **key_encrypting_key)
@@ -185,11 +185,11 @@ module SymmetricEncryption
       elsif config[:key_env_var]
         Keystore::Environment
       else
-        raise(ArgumentError, 'Unknown keystore supplied in config')
+        raise(ArgumentError, "Unknown keystore supplied in config")
       end
     end
 
-    def self.constantize_symbol(symbol, namespace = 'SymmetricEncryption::Keystore')
+    def self.constantize_symbol(symbol, namespace = "SymmetricEncryption::Keystore")
       klass = "#{namespace}::#{camelize(symbol.to_s)}"
       begin
         Object.const_get(klass)
@@ -202,8 +202,8 @@ module SymmetricEncryption
     def self.camelize(term)
       string = term.to_s
       string = string.sub(/^[a-z\d]*/, &:capitalize)
-      string.gsub!(/(?:_|(\/))([a-z\d]*)/i) { "#{Regexp.last_match(1)}#{Regexp.last_match(2).capitalize}" }
-      string.gsub!('/'.freeze, '::'.freeze)
+      string.gsub!(%r{(?:_|(/))([a-z\d]*)}i) { "#{Regexp.last_match(1)}#{Regexp.last_match(2).capitalize}" }
+      string.gsub!("/".freeze, "::".freeze)
       string
     end
 
@@ -220,12 +220,12 @@ module SymmetricEncryption
 
       # Migrate old encrypted_iv
       if (encrypted_iv = config.delete(:encrypted_iv)) && private_rsa_key
-        encrypted_iv   = RSAKey.new(private_rsa_key).decrypt(encrypted_iv)
-        config[:iv]    = ::Base64.decode64(encrypted_iv)
+        encrypted_iv = RSAKey.new(private_rsa_key).decrypt(encrypted_iv)
+        config[:iv]  = ::Base64.decode64(encrypted_iv)
       end
 
       # Migrate old iv_filename
-      if (file_name  = config.delete(:iv_filename)) && private_rsa_key
+      if (file_name = config.delete(:iv_filename)) && private_rsa_key
         encrypted_iv = ::File.read(file_name)
         config[:iv]  = RSAKey.new(private_rsa_key).decrypt(encrypted_iv)
       end
@@ -234,7 +234,7 @@ module SymmetricEncryption
       config[:key_encrypting_key] = RSAKey.new(private_rsa_key) if private_rsa_key
 
       # Migrate old encrypted_key to new binary format
-      if (encrypted_key        = config[:encrypted_key]) && private_rsa_key
+      if (encrypted_key = config[:encrypted_key]) && private_rsa_key
         config[:encrypted_key] = ::Base64.decode64(encrypted_key)
       end
     end

data/lib/symmetric_encryption/railtie.rb

@@ -29,26 +29,27 @@ module SymmetricEncryption #:nodoc:
     config.before_configuration do
       # Check if already configured
       unless ::SymmetricEncryption.cipher?
-        app_name      = Rails::Application.subclasses.first.parent.to_s.underscore
+        parent_method = Module.method_defined?(:module_parent) ? "module_parent" : "parent"
+        app_name      = Rails::Application.subclasses.first.send(parent_method).to_s.underscore
+        env_var       = ENV["SYMMETRIC_ENCRYPTION_CONFIG"]
         config_file   =
-          if (env_var = ENV['SYMMETRIC_ENCRYPTION_CONFIG'])
-            Pathname.new File.expand_path(env_var)
+          if env_var
+            Pathname.new(File.expand_path(env_var))
           else
-            Rails.root.join('config', 'symmetric-encryption.yml')
+            Rails.root.join("config", "symmetric-encryption.yml")
           end
+
         if config_file.file?
           begin
-            ::SymmetricEncryption::Config.load!(file_name: config_file, env: ENV['SYMMETRIC_ENCRYPTION_ENV'] || Rails.env)
-          rescue ArgumentError => exc
+            ::SymmetricEncryption::Config.load!(file_name: config_file, env: ENV["SYMMETRIC_ENCRYPTION_ENV"] || Rails.env)
+          rescue ArgumentError => e
             puts "\nSymmetric Encryption not able to read keys."
-            puts "#{exc.class.name} #{exc.message}"
+            puts "#{e.class.name} #{e.message}"
             puts "To generate a new config file and key files: symmetric-encryption --generate --app-name #{app_name}\n\n"
-            raise(exc)
+            raise(e)
           end
-        else
-          puts "\nSymmetric Encryption config not found."
-          puts "To generate a new config file and key files: symmetric-encryption --generate --app-name #{app_name}\n\n"
         end
+
       end
     end
   end

data/lib/symmetric_encryption/railties/mongoid_encrypted.rb

@@ -1,4 +1,4 @@
-require 'mongoid'
+require "mongoid"
 # Add :encrypted option for Mongoid models
 #
 # Example:
@@ -95,12 +95,13 @@ Mongoid::Fields.option :encrypted do |model, field, options|
 
     # Support overriding the name of the decrypted attribute
     decrypted_field_name = options.delete(:decrypt_as)
-    if decrypted_field_name.nil? && encrypted_field_name.to_s.start_with?('encrypted_')
-      decrypted_field_name = encrypted_field_name.to_s['encrypted_'.length..-1]
+    if decrypted_field_name.nil? && encrypted_field_name.to_s.start_with?("encrypted_")
+      decrypted_field_name = encrypted_field_name.to_s["encrypted_".length..-1]
     end
 
     if decrypted_field_name.nil?
-      raise(ArgumentError, "SymmetricEncryption for Mongoid. Encryption enabled for field #{encrypted_field_name}. It must either start with 'encrypted_' or the option :decrypt_as must be supplied")
+      raise(ArgumentError,
+            "SymmetricEncryption for Mongoid. Encryption enabled for field #{encrypted_field_name}. It must either start with 'encrypted_' or the option :decrypt_as must be supplied")
     end
 
     SymmetricEncryption::Generator.generate_decrypted_accessors(model, decrypted_field_name, encrypted_field_name, options)

data/lib/symmetric_encryption/railties/symmetric_encryption_validator.rb

@@ -15,6 +15,6 @@ class SymmetricEncryptionValidator < ActiveModel::EachValidator
   def validate_each(record, attribute, value)
     return if value.blank? || SymmetricEncryption.encrypted?(value)
 
-    record.errors.add(attribute, 'must be a value encrypted using SymmetricEncryption.encrypt')
+    record.errors.add(attribute, "must be a value encrypted using SymmetricEncryption.encrypt")
   end
 end

data/lib/symmetric_encryption/reader.rb

@@ -1,4 +1,4 @@
-require 'openssl'
+require "openssl"
 
 module SymmetricEncryption
   # Read from encrypted files and other IO streams
@@ -60,7 +60,7 @@ module SymmetricEncryption
     #   csv.close if csv
     # end
     def self.open(file_name_or_stream, buffer_size: 16_384, **args, &block)
-      ios = file_name_or_stream.is_a?(String) ? ::File.open(file_name_or_stream, 'rb') : file_name_or_stream
+      ios = file_name_or_stream.is_a?(String) ? ::File.open(file_name_or_stream, "rb") : file_name_or_stream
 
       begin
         file = new(ios, buffer_size: buffer_size, **args)
@@ -104,7 +104,7 @@ module SymmetricEncryption
 
     # Returns [true|false] whether the file contains the encryption header
     def self.header_present?(file_name)
-      ::File.open(file_name, 'rb') { |file| new(file).header_present? }
+      ::File.open(file_name, "rb") { |file| new(file).header_present? }
     end
 
     # After opening a file Returns [true|false] whether the file being
@@ -120,9 +120,9 @@ module SymmetricEncryption
       @version        = version
       @header_present = false
       @closed         = false
-      @read_buffer    = ''.b
+      @read_buffer    = "".b
 
-      raise(ArgumentError, 'Buffer size cannot be smaller than 128') unless @buffer_size >= 128
+      raise(ArgumentError, "Buffer size cannot be smaller than 128") unless @buffer_size >= 128
 
       read_header
     end
@@ -185,10 +185,10 @@ module SymmetricEncryption
     # At end of file, it returns nil if no more data is available, or the last
     # remaining bytes
     def read(length = nil, outbuf = nil)
-      data             = outbuf.to_s.clear
+      data             = outbuf.nil? ? "" : outbuf.clear
       remaining_length = length
 
-      until remaining_length == 0 || eof?
+      until remaining_length&.zero? || eof?
         read_block(remaining_length) if @read_buffer.empty?
 
         if remaining_length && remaining_length < @read_buffer.length
@@ -209,7 +209,7 @@ module SymmetricEncryption
     # Raises EOFError on eof
     # The stream must be opened for reading or an IOError will be raised.
     def readline(sep_string = "\n")
-      gets(sep_string) || raise(EOFError, 'End of file reached when trying to read a line')
+      gets(sep_string) || raise(EOFError, "End of file reached when trying to read a line")
     end
 
     # Reads a single decrypted line from the file up to and including the optional sep_string.
@@ -226,8 +226,8 @@ module SymmetricEncryption
         read_block
       end
       index ||= -1
-      data    = @read_buffer.slice!(0..index)
-      @pos   += data.length
+      data = @read_buffer.slice!(0..index)
+      @pos += data.length
       return nil if data.empty? && eof?
 
       data
@@ -310,7 +310,7 @@ module SymmetricEncryption
       @pos = 0
 
       # Read first block and check for the header
-      buf = @ios.read(@buffer_size, @output_buffer ||= ''.b)
+      buf = @ios.read(@buffer_size, @output_buffer ||= "".b)
 
       # Use cipher specified in header, or global cipher if it has no header
       iv, key, cipher_name, cipher = nil
@@ -340,7 +340,7 @@ module SymmetricEncryption
 
     # Read a block of data and append the decrypted data in the read buffer
     def read_block(length = nil)
-      buf = @ios.read(length || @buffer_size, @output_buffer ||= ''.b)
+      buf = @ios.read(length || @buffer_size, @output_buffer ||= "".b)
       decrypt(buf)
     end
 
@@ -356,7 +356,7 @@ module SymmetricEncryption
       def decrypt(buf)
         return if buf.nil? || buf.empty?
 
-        @read_buffer << @stream_cipher.update(buf, @cipher_buffer ||= ''.b)
+        @read_buffer << @stream_cipher.update(buf, @cipher_buffer ||= "".b)
         @read_buffer << @stream_cipher.final if @ios.eof?
       end
     end

data/lib/symmetric_encryption/rsa_key.rb

@@ -1,4 +1,4 @@
-require 'openssl'
+require "openssl"
 module SymmetricEncryption
   # DEPRECATED - Internal use only
   class RSAKey

data/lib/symmetric_encryption/symmetric_encryption.rb

@@ -1,18 +1,13 @@
-require 'base64'
-require 'openssl'
-require 'zlib'
-require 'yaml'
-require 'erb'
+require "base64"
+require "openssl"
+require "zlib"
+require "yaml"
+require "erb"
 
 # Encrypt using 256 Bit AES CBC symmetric key and initialization vector
 # The symmetric key is protected using the private key below and must
 # be distributed separately from the application
 module SymmetricEncryption
-  # Defaults
-  @@cipher            = nil
-  @@secondary_ciphers = []
-  @@select_cipher     = nil
-
   # List of types supported when encrypting or decrypting data
   #
   # Each type maps to the built-in Ruby types as follows:
@@ -37,9 +32,11 @@ module SymmetricEncryption
   #     cipher: 'aes-128-cbc'
   #   )
   def self.cipher=(cipher)
-    raise(ArgumentError, 'Cipher must respond to :encrypt and :decrypt') unless cipher.nil? || (cipher.respond_to?(:encrypt) && cipher.respond_to?(:decrypt))
+    unless cipher.nil? || (cipher.respond_to?(:encrypt) && cipher.respond_to?(:decrypt))
+      raise(ArgumentError, "Cipher must respond to :encrypt and :decrypt")
+    end
 
-    @@cipher = cipher
+    @cipher = cipher
   end
 
   # Returns the Primary Symmetric Cipher being used
@@ -50,33 +47,46 @@ module SymmetricEncryption
     unless cipher?
       raise(
         SymmetricEncryption::ConfigError,
-        'Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data'
+        "Call SymmetricEncryption.load! or SymmetricEncryption.cipher= prior to encrypting or decrypting data"
       )
     end
 
-    return @@cipher if version.nil? || (@@cipher.version == version)
+    return @cipher if version.nil? || (@cipher.version == version)
 
-    secondary_ciphers.find { |c| c.version == version } || (@@cipher if version.zero?)
+    secondary_ciphers.find { |c| c.version == version } || (@cipher if version.zero?)
   end
 
   # Returns whether a primary cipher has been set
   def self.cipher?
-    !@@cipher.nil?
+    !@cipher.nil?
   end
 
   # Set the Secondary Symmetric Ciphers Array to be used
   def self.secondary_ciphers=(secondary_ciphers)
-    raise(ArgumentError, 'secondary_ciphers must be a collection') unless secondary_ciphers.respond_to? :each
+    raise(ArgumentError, "secondary_ciphers must be a collection") unless secondary_ciphers.respond_to? :each
 
     secondary_ciphers.each do |cipher|
-      raise(ArgumentError, 'secondary_ciphers can only consist of SymmetricEncryption::Ciphers') unless cipher.respond_to?(:encrypt) && cipher.respond_to?(:decrypt)
+      unless cipher.respond_to?(:encrypt) && cipher.respond_to?(:decrypt)
+        raise(ArgumentError, "secondary_ciphers can only consist of SymmetricEncryption::Ciphers")
+      end
     end
-    @@secondary_ciphers = secondary_ciphers
+    @secondary_ciphers = secondary_ciphers
   end
 
   # Returns the Primary Symmetric Cipher being used
   def self.secondary_ciphers
-    @@secondary_ciphers
+    @secondary_ciphers
+  end
+
+  # Whether to randomize the iv by default.
+  # true: Generate a new random IV by default. [HIGHLY RECOMMENDED]
+  # false: Do not generate a new random IV by default.
+  def self.randomize_iv?
+    @randomize_iv
+  end
+
+  def self.randomize_iv=(randomize_iv)
+    @randomize_iv = randomize_iv
   end
 
   # Decrypt supplied string.
@@ -115,7 +125,7 @@ module SymmetricEncryption
   #       the incorrect key. Clearly the data returned is garbage, but it still
   #       successfully returns a string of data
   def self.decrypt(encrypted_and_encoded_string, version: nil, type: :string)
-    return encrypted_and_encoded_string if encrypted_and_encoded_string.nil? || (encrypted_and_encoded_string == '')
+    return encrypted_and_encoded_string if encrypted_and_encoded_string.nil? || (encrypted_and_encoded_string == "")
 
     str = encrypted_and_encoded_string.to_s
 
@@ -133,9 +143,9 @@ module SymmetricEncryption
           if version
             # Supplied version takes preference
             cipher(version)
-          elsif @@select_cipher
+          elsif @select_cipher
             # Use cipher_selector if present to decide which cipher to use
-            @@select_cipher.call(str, decoded)
+            @select_cipher.call(str, decoded)
           else
             # Global cipher
             cipher
@@ -144,14 +154,16 @@ module SymmetricEncryption
       end
 
     # Try to force result to UTF-8 encoding, but if it is not valid, force it back to Binary
-    decrypted.force_encoding(SymmetricEncryption::BINARY_ENCODING) unless decrypted.force_encoding(SymmetricEncryption::UTF8_ENCODING).valid_encoding?
+    unless decrypted.force_encoding(SymmetricEncryption::UTF8_ENCODING).valid_encoding?
+      decrypted.force_encoding(SymmetricEncryption::BINARY_ENCODING)
+    end
     Coerce.coerce_from_string(decrypted, type)
   end
 
   # Returns the header for the encrypted string
   # Returns [nil] if no header is present
   def self.header(encrypted_and_encoded_string)
-    return if encrypted_and_encoded_string.nil? || (encrypted_and_encoded_string == '')
+    return if encrypted_and_encoded_string.nil? || (encrypted_and_encoded_string == "")
 
     # Decode before decrypting supplied string
     decoded = cipher.encoder.decode(encrypted_and_encoded_string.to_s)
@@ -172,10 +184,12 @@ module SymmetricEncryption
   #     to convert it to a string
   #
   #   random_iv [true|false]
-  #     Whether the encypted value should use a random IV every time the
-  #     field is encrypted.
-  #     It is recommended to set this to true where feasible. If the encrypted
-  #     value could be used as part of a SQL where clause, or as part
+  #     Mandatory unless `SymmetricEncryption.randomize_iv = true` has been called.
+  #
+  #     Whether the encrypted value should use a random IV every time the field is encrypted.
+  #     It is recommended to set this to true where possible.
+  #
+  #     If the encrypted value could be used as part of a SQL where clause, or as part
   #     of any lookup, then it must be false.
   #     Setting random_iv to true will result in a different encrypted output for
   #     the same input string.
@@ -203,8 +217,8 @@ module SymmetricEncryption
   #     Note: If type is set to something other than :string, it's expected that
   #       the coercible gem is available in the path.
   #     Default: :string
-  def self.encrypt(str, random_iv: false, compress: false, type: :string, header: cipher.always_add_header)
-    return str if str.nil? || (str == '')
+  def self.encrypt(str, random_iv: SymmetricEncryption.randomize_iv?, compress: false, type: :string, header: cipher.always_add_header)
+    return str if str.nil? || (str == "")
 
     # Encrypt and then encode the supplied string
     cipher.encrypt(Coerce.coerce_to_string(str, type), random_iv: random_iv, compress: compress, header: header)
@@ -233,7 +247,7 @@ module SymmetricEncryption
   # * This method only works reliably when the encrypted data includes the symmetric encryption header.
   # * nil and '' are considered "encrypted" so that validations do not blow up on empty values.
   def self.encrypted?(encrypted_data)
-    return false if encrypted_data.nil? || (encrypted_data == '')
+    return false if encrypted_data.nil? || (encrypted_data == "")
 
     @header ||= SymmetricEncryption.cipher.encoded_magic_header
     encrypted_data.to_s.start_with?(@header)
@@ -265,7 +279,7 @@ module SymmetricEncryption
   #     encoded_str.end_with?("\n") ? SymmetricEncryption.cipher(0) : SymmetricEncryption.cipher
   #   end
   def self.select_cipher(&block)
-    @@select_cipher = block || nil
+    @select_cipher = block || nil
   end
 
   # Load the Encryption Configuration from a YAML file
@@ -282,10 +296,16 @@ module SymmetricEncryption
 
   # Generate a Random password
   def self.random_password(size = 22)
-    require 'securerandom' unless defined?(SecureRandom)
+    require "securerandom" unless defined?(SecureRandom)
     SecureRandom.urlsafe_base64(size)
   end
 
-  BINARY_ENCODING = Encoding.find('binary')
-  UTF8_ENCODING   = Encoding.find('UTF-8')
+  BINARY_ENCODING = Encoding.find("binary")
+  UTF8_ENCODING   = Encoding.find("UTF-8")
+
+  # Defaults
+  @cipher            = nil
+  @secondary_ciphers = []
+  @select_cipher     = nil
+  @randomize_iv      = false
 end

data/lib/symmetric_encryption/utils/aws.rb

@@ -1,5 +1,5 @@
-require 'base64'
-require 'aws-sdk-kms'
+require "base64"
+require "aws-sdk-kms"
 module SymmetricEncryption
   module Utils
     # Wrap the AWS KMS client so that it automatically creates the Customer Master Key,
@@ -13,8 +13,8 @@ module SymmetricEncryption
 
       # TODO: Map to OpenSSL ciphers
       AWS_KEY_SPEC_MAP = {
-        'aes-256-cbc' => 'AES_256',
-        'aes-128-cbc' => 'AES_128'
+        "aes-256-cbc" => "AES_256",
+        "aes-128-cbc" => "AES_128"
       }.freeze
 
       # TODO: Move to Keystore::Aws
@@ -98,12 +98,10 @@ module SymmetricEncryption
 
       private
 
-      attr_reader :client
-
       def whoami
         @whoami ||= `whoami`.strip
       rescue StandardError
-        @whoami = 'unknown'
+        @whoami = "unknown"
       end
 
       # Creates a new Customer Master Key for Symmetric Encryption use.
@@ -111,10 +109,10 @@ module SymmetricEncryption
         # TODO: Add error handling and retry
 
         resp = client.create_key(
-          description: 'Symmetric Encryption for Ruby Customer Masker Key',
+          description: "Symmetric Encryption for Ruby Customer Masker Key",
           tags:        [
-            {tag_key: 'CreatedAt', tag_value: Time.now.to_s},
-            {tag_key: 'CreatedBy', tag_value: whoami}
+            {tag_key: "CreatedAt", tag_value: Time.now.to_s},
+            {tag_key: "CreatedBy", tag_value: whoami}
           ]
         )
         resp.key_metadata.key_id

data/lib/symmetric_encryption/utils/files.rb

@@ -6,7 +6,7 @@ module SymmetricEncryption
       attr_reader :file_name
 
       def read_file_and_decode(file_name)
-        raise(SymmetricEncryption::ConfigError, 'file_name is mandatory for each key_file entry') unless file_name
+        raise(SymmetricEncryption::ConfigError, "file_name is mandatory for each key_file entry") unless file_name
 
         raise(SymmetricEncryption::ConfigError, "File #{file_name} could not be found") unless ::File.exist?(file_name)
 
@@ -31,12 +31,12 @@ module SymmetricEncryption
         key_path = ::File.dirname(file_name)
         ::FileUtils.mkdir_p(key_path) unless ::File.directory?(key_path)
         ::File.rename(file_name, "#{file_name}.#{Time.now.to_i}") if ::File.exist?(file_name)
-        ::File.open(file_name, 'wb', 0600) { |file| file.write(data) }
+        ::File.open(file_name, "wb", 0o600) { |file| file.write(data) }
       end
 
       # Read from the file, raising an exception if it is not found
       def read_from_file(file_name)
-        ::File.open(file_name, 'rb', &:read)
+        ::File.open(file_name, "rb", &:read)
       rescue Errno::ENOENT
         raise(SymmetricEncryption::ConfigError, "Symmetric Encryption key file: '#{file_name}' not found or readable")
       end