symmetric-encryption 4.3.2 → 4.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4054c7a61802055fd46d4effd1f3222369a1b46f23aeeadaae0322d392b7dcc1
-  data.tar.gz: b367ad236ab6f52d97bf28425f1c7bb1fc824b1c573c6528adb276f842dd97ee
+  metadata.gz: cc6728652282c5b73acde1b45427e7dbce0092ceecc197a052f5364b83c53e28
+  data.tar.gz: dad8b275ffd46adf20d2b3f51c7673b79e1cc359750626d4207f203a207c14f0
 SHA512:
-  metadata.gz: 2e0318de85ab6308c6dc7748d0096b18693d3b1cd8266ac7920a8033f9c220981b222a1d2e594bcd6f2d08700c40dbbc6e32159ab2b235b6f2b58ff5bb2dc4a2
-  data.tar.gz: 5a29bd465b788a8e28e3f84435fb5d03355fcd9d31fded9d4700eea47cec1a02dd2675c84b36d72fe2e16a9ee4dbafa2b8b401519cebf58c17abaaf9741f9aae
+  metadata.gz: efd513c2c0b22b5252583a3d8207d89f907b695f6edf6c75d0f7a2c9177e8d32d5566d7228f36b7039318d4e72380f4cee4090048cf40f7bf50a492bf525fcc5
+  data.tar.gz: bac21c5250923fd85134cc3a59e220ec2c87c85e4dc7f4efef280110c01852dd202256bcad5671d96dd7c7424c531b2bd237f0f9f85d5ac22bce24415ab6fcde

data/README.md

@@ -1,9 +1,9 @@
 # Symmetric Encryption
-![](https://img.shields.io/gem/v/symmetric-encryption.svg) ![](https://img.shields.io/travis/rocketjob/symmetric-encryption.svg) ![](https://img.shields.io/gem/dt/symmetric-encryption.svg)  ![](https://img.shields.io/badge/status-production%20ready-blue.svg)
+[![Gem Version](https://img.shields.io/gem/v/symmetric-encryption.svg)](https://rubygems.org/gems/symmetric-encryption) [![Build Status](https://github.com/reidmorrison/symmetric-encryption/workflows/build/badge.svg)](https://github.com/reidmorrison/symmetric-encryption/actions?query=workflow%3Abuild) [![Downloads](https://img.shields.io/gem/dt/symmetric-encryption.svg)](https://rubygems.org/gems/symmetric-encryption) [![License](https://img.shields.io/badge/license-Apache%202.0-brightgreen.svg)](http://opensource.org/licenses/Apache-2.0) ![](https://img.shields.io/badge/status-Production%20Ready-blue.svg) 
 
-* http://github.com/rocketjob/symmetric-encryption
+* https://encryption.rocketjob.io/
 
-Transparently encrypt ActiveRecord, Mongoid, and MongoMapper attributes. Encrypt passwords in configuration files. Encrypt entire files at rest.
+Transparently encrypt ActiveRecord, and Mongoid attributes. Encrypt passwords in configuration files. Encrypt entire files at rest.
 
 ## Introduction
 
@@ -19,9 +19,7 @@ expose all the encryption algorithms supported by OpenSSL.
 
 ## Documentation
 
-[Symmetric Encryption Guide](http://rocketjob.github.io/symmetric-encryption)
-
-[Reference Documentation](http://www.rubydoc.info/gems/symmetric-encryption/)
+[Symmetric Encryption Guide](https://encryption.rocketjob.io/)
 
 ## Rocket Job
 
@@ -168,7 +166,7 @@ may have backward compatibility issues:
 
 [Reid Morrison](https://github.com/reidmorrison)
 
-[Contributors](https://github.com/rocketjob/symmetric-encryption/graphs/contributors)
+[Contributors](https://github.com/reidmorrison/symmetric-encryption/graphs/contributors)
 
 ## Versioning
 

data/lib/symmetric_encryption/cipher.rb

@@ -50,6 +50,8 @@ module SymmetricEncryption
     #       This is the recommended format since newlines in the values to
     #       SQL queries are cumbersome. Also the newline reformatting is unnecessary
     #       It is not the default for backward compatibility
+    #     :base64urlsafe
+    #       Same as base64strict except that base64urlsafe uses '-' instead of '+' and '_' instead of '/'.
     #     :base64
     #       Return as a base64 encoded string
     #     :base16
@@ -84,9 +86,9 @@ module SymmetricEncryption
       @version           = version.to_i
       @always_add_header = always_add_header
 
-      if (@version > 255) || @version.negative?
-        raise(ArgumentError, "Cipher version has a valid range of 0 to 255. #{@version} is too high, or negative")
-      end
+      return unless (@version > 255) || @version.negative?
+
+      raise(ArgumentError, "Cipher version has a valid range of 0 to 255. #{@version} is too high, or negative")
     end
 
     # Change the encoding
@@ -114,7 +116,7 @@ module SymmetricEncryption
     #     to convert it to a string
     #
     #   random_iv [true|false]
-    #     Whether the encypted value should use a random IV every time the
+    #     Whether the encrypted value should use a random IV every time the
     #     field is encrypted.
     #     Notes:
     #     * Setting random_iv to true will result in a different encrypted output for

data/lib/symmetric_encryption/cli.rb

@@ -74,7 +74,7 @@ module SymmetricEncryption
         opts.banner = <<~BANNER
           Symmetric Encryption v#{VERSION}
 
-            For more information, see: https://rocketjob.github.io/symmetric-encryption/
+            For more information, see: https://encryption.rocketjob.io/
 
             Note:
               It is recommended to backup the current configuration file, or place it in version control before running
@@ -91,7 +91,8 @@ module SymmetricEncryption
           @decrypt = file_name || STDIN
         end
 
-        opts.on "-o", "--output FILE_NAME", "Write encrypted or decrypted file to this file, otherwise output goes to stdout." do |file_name|
+        opts.on "-o", "--output FILE_NAME",
+                "Write encrypted or decrypted file to this file, otherwise output goes to stdout." do |file_name|
           @output_file_name = file_name
         end
 
@@ -107,11 +108,13 @@ module SymmetricEncryption
           @compress = false
         end
 
-        opts.on "-E", "--env ENVIRONMENT", "Environment to use in the config file. Default: SYMMETRIC_ENCRYPTION_ENV || RACK_ENV || RAILS_ENV || 'development'" do |environment|
+        opts.on "-E", "--env ENVIRONMENT",
+                "Environment to use in the config file. Default: SYMMETRIC_ENCRYPTION_ENV || RACK_ENV || RAILS_ENV || 'development'" do |environment|
           @environment = environment
         end
 
-        opts.on "-c", "--config CONFIG_FILE_PATH", "File name & path to the Symmetric Encryption configuration file. Default: config/symmetric-encryption.yml or Env var: `SYMMETRIC_ENCRYPTION_CONFIG`" do |path|
+        opts.on "-c", "--config CONFIG_FILE_PATH",
+                "File name & path to the Symmetric Encryption configuration file. Default: config/symmetric-encryption.yml or Env var: `SYMMETRIC_ENCRYPTION_CONFIG`" do |path|
           @config_file_path = path
         end
 
@@ -119,11 +122,13 @@ module SymmetricEncryption
           @migrate = true
         end
 
-        opts.on "-r", "--re-encrypt [PATTERN]", 'ReEncrypt all files matching the pattern. Default:  "**/*.{yml,rb}"' do |pattern|
+        opts.on "-r", "--re-encrypt [PATTERN]",
+                'ReEncrypt all files matching the pattern. Default:  "**/*.{yml,rb}"' do |pattern|
           @re_encrypt = pattern || "**/*.{yml,rb}"
         end
 
-        opts.on "-n", "--new-password [SIZE]", "Generate a new random password using only characters that are URL-safe base64. Default size is 22." do |size|
+        opts.on "-n", "--new-password [SIZE]",
+                "Generate a new random password using only characters that are URL-safe base64. Default size is 22." do |size|
           @random_password = (size || 22).to_i
         end
 
@@ -131,39 +136,48 @@ module SymmetricEncryption
           @generate = config
         end
 
-        opts.on "-s", "--keystore heroku|environment|file|aws|gcp", "Which keystore to use during generation or re-encryption." do |keystore|
+        opts.on "-s", "--keystore heroku|environment|file|aws|gcp",
+                "Which keystore to use during generation or re-encryption." do |keystore|
           @keystore = (keystore || "file").downcase.to_sym
         end
 
-        opts.on "-B", "--regions [us-east-1,us-east-2,us-west-1,us-west-2]", "AWS KMS Regions to encrypt data key with." do |regions|
+        opts.on "-B", "--regions [us-east-1,us-east-2,us-west-1,us-west-2]",
+                "AWS KMS Regions to encrypt data key with." do |regions|
           @regions = regions.to_s.split(",").collect(&:strip) if regions
         end
 
-        opts.on "-K", "--key-path KEY_PATH", "Output path in which to write generated key files. Default: ~/.symmetric-encryption" do |path|
+        opts.on "-K", "--key-path KEY_PATH",
+                "Output path in which to write generated key files. Default: ~/.symmetric-encryption" do |path|
           @key_path = path
         end
 
-        opts.on "-a", "--app-name NAME", "Application name to use when generating a new configuration. Default: symmetric-encryption" do |name|
+        opts.on "-a", "--app-name NAME",
+                "Application name to use when generating a new configuration. Default: symmetric-encryption" do |name|
           @app_name = name
         end
 
-        opts.on "-S", "--environments ENVIRONMENTS", "Comma separated list of environments for which to generate the config file. Default: development,test,release,production" do |environments|
+        opts.on "-S", "--environments ENVIRONMENTS",
+                "Comma separated list of environments for which to generate the config file. Default: development,test,release,production" do |environments|
           @environments = environments.split(",").collect(&:strip).collect(&:to_sym)
         end
 
-        opts.on "-C", "--cipher-name NAME", "Name of the cipher to use when generating a new config file, or when rotating keys. Default: aes-256-cbc" do |name|
+        opts.on "-C", "--cipher-name NAME",
+                "Name of the cipher to use when generating a new config file, or when rotating keys. Default: aes-256-cbc" do |name|
           @cipher_name = name
         end
 
-        opts.on "-R", "--rotate-keys", "Generates a new encryption key version, encryption key files, and updates the configuration file." do
+        opts.on "-R", "--rotate-keys",
+                "Generates a new encryption key version, encryption key files, and updates the configuration file." do
           @rotate_keys = true
         end
 
-        opts.on "-U", "--rotate-kek", "Replace the existing key encrypting keys only, the data encryption key is not changed, and updates the configuration file." do
+        opts.on "-U", "--rotate-kek",
+                "Replace the existing key encrypting keys only, the data encryption key is not changed, and updates the configuration file." do
           @rotate_kek = true
         end
 
-        opts.on "-D", "--rolling-deploy", "During key rotation, support a rolling deploy by placing the new key second in the list so that it is not activated yet." do
+        opts.on "-D", "--rolling-deploy",
+                "During key rotation, support a rolling deploy by placing the new key second in the list so that it is not activated yet." do
           @rolling_deploy = true
         end
 
@@ -171,11 +185,13 @@ module SymmetricEncryption
           @activate_key = true
         end
 
-        opts.on "-X", "--cleanup-keys", "Removes all encryption keys, except the one with the highest version from the configuration file." do
+        opts.on "-X", "--cleanup-keys",
+                "Removes all encryption keys, except the one with the highest version from the configuration file." do
           @cleanup_keys = true
         end
 
-        opts.on "-V", "--key-version NUMBER", "Encryption key version to use when encrypting or re-encrypting. Default: (Current global version)." do |number|
+        opts.on "-V", "--key-version NUMBER",
+                "Encryption key version to use when encrypting or re-encrypting. Default: (Current global version)." do |number|
           @version = number.to_i
         end
 
@@ -237,7 +253,8 @@ module SymmetricEncryption
       end
 
       config = Config.read_file(config_file_path)
-      SymmetricEncryption::Keystore.rotate_keys!(config, environments: environments || [], app_name: app_name, rolling_deploy: rolling_deploy, keystore: keystore)
+      SymmetricEncryption::Keystore.rotate_keys!(config, environments: environments || [], app_name: app_name,
+rolling_deploy: rolling_deploy, keystore: keystore)
       Config.write_file(config_file_path, config)
       puts "Existing configuration file updated with new keys: #{config_file_path}"
     end
@@ -280,7 +297,8 @@ module SymmetricEncryption
     end
 
     def encrypt_file(input_file_name)
-      SymmetricEncryption::Writer.encrypt(source: input_file_name, target: output_file_name || STDOUT, compress: compress, version: version)
+      SymmetricEncryption::Writer.encrypt(source: input_file_name, target: output_file_name || STDOUT, compress: compress,
+version: version)
     end
 
     def decrypt_file(input_file_name)

data/lib/symmetric_encryption/config.rb

@@ -27,7 +27,7 @@ module SymmetricEncryption
 
     # Reads the entire configuration for all environments from the supplied file name.
     def self.read_file(file_name)
-      config = YAML.load(ERB.new(File.new(file_name).read).result)
+      config = load_yaml(ERB.new(File.new(file_name).read).result)
       config = deep_symbolize_keys(config)
       config.each_pair { |_env, cfg| SymmetricEncryption::Config.send(:migrate_old_formats!, cfg) }
       config
@@ -75,7 +75,7 @@ module SymmetricEncryption
         begin
           raise(ConfigError, "Cannot find config file: #{file_name}") unless File.exist?(file_name)
 
-          env_config = YAML.load(ERB.new(File.new(file_name).read).result)[env]
+          env_config = self.class.load_yaml(ERB.new(File.new(file_name).read).result)[env]
           raise(ConfigError, "Cannot find environment: #{env} in config file: #{file_name}") unless env_config
 
           env_config = self.class.send(:deep_symbolize_keys, env_config)
@@ -83,7 +83,7 @@ module SymmetricEncryption
         end
     end
 
-    # Returns [Array(SymmetricEncrytion::Cipher)] ciphers specified in the configuration file.
+    # Returns [Array(SymmetricEncryption::Cipher)] ciphers specified in the configuration file.
     def ciphers
       @ciphers ||= config[:ciphers].collect { |cipher_config| Cipher.from_config(**cipher_config) }
     end
@@ -163,5 +163,11 @@ module SymmetricEncryption
     end
 
     private_class_method :migrate_old_formats!
+
+    def self.load_yaml(src)
+      return YAML.safe_load(src, permitted_classes: [Symbol], aliases: true) if Psych::VERSION.to_i >= 4
+
+      YAML.load(src)
+    end
   end
 end

data/lib/symmetric_encryption/core.rb

@@ -25,6 +25,7 @@ module SymmetricEncryption
   module ActiveRecord
     autoload :EncryptedAttribute,   "symmetric_encryption/active_record/encrypted_attribute"
   end
+
   module Utils
     autoload :Aws,                  "symmetric_encryption/utils/aws"
     autoload :Files,                "symmetric_encryption/utils/files"

data/lib/symmetric_encryption/encoder.rb

@@ -6,6 +6,8 @@ module SymmetricEncryption
         Base64.new
       when :base64strict
         Base64Strict.new
+      when :base64urlsafe
+        Base64UrlSafe.new
       when :base16
         Base16.new
       when :none
@@ -65,6 +67,22 @@ module SymmetricEncryption
       end
     end
 
+    class Base64UrlSafe
+      def encode(binary_string)
+        return binary_string if binary_string.nil? || (binary_string == "")
+
+        encoded_string = ::Base64.urlsafe_encode64(binary_string)
+        encoded_string.force_encoding(SymmetricEncryption::UTF8_ENCODING)
+      end
+
+      def decode(encoded_string)
+        return encoded_string if encoded_string.nil? || (encoded_string == "")
+
+        decoded_string = ::Base64.urlsafe_decode64(encoded_string)
+        decoded_string.force_encoding(SymmetricEncryption::BINARY_ENCODING)
+      end
+    end
+
     class Base16
       def encode(binary_string)
         return binary_string if binary_string.nil? || (binary_string == "")

data/lib/symmetric_encryption/header.rb

@@ -167,29 +167,29 @@ module SymmetricEncryption
 
       self.compress = (flags & FLAG_COMPRESSED) != 0
 
-      if (flags & FLAG_IV) != 0
-        self.iv, offset = read_string(buffer, offset)
-      else
+      if (flags & FLAG_IV).zero?
         self.iv = nil
+      else
+        self.iv, offset = read_string(buffer, offset)
       end
 
-      if (flags & FLAG_KEY) != 0
+      if (flags & FLAG_KEY).zero?
+        self.key = nil
+      else
         encrypted_key, offset = read_string(buffer, offset)
         self.key              = cipher.binary_decrypt(encrypted_key)
-      else
-        self.key = nil
       end
 
-      if (flags & FLAG_CIPHER_NAME) != 0
-        self.cipher_name, offset = read_string(buffer, offset)
-      else
+      if (flags & FLAG_CIPHER_NAME).zero?
         self.cipher_name = nil
+      else
+        self.cipher_name, offset = read_string(buffer, offset)
       end
 
-      if (flags & FLAG_AUTH_TAG) != 0
-        self.auth_tag, offset = read_string(buffer, offset)
-      else
+      if (flags & FLAG_AUTH_TAG).zero?
         self.auth_tag = nil
+      else
+        self.auth_tag, offset = read_string(buffer, offset)
       end
 
       offset

data/lib/symmetric_encryption/keystore/aws.rb

@@ -70,13 +70,9 @@ module SymmetricEncryption
       #                ],
       #   iv:          'T80pYzD0E6e/bJCdjZ6TiQ=='
       # }
-      def self.generate_data_key(version: 0,
+      def self.generate_data_key(cipher_name:, app_name:, environment:, key_path:, version: 0,
                                  regions: Utils::Aws::AWS_US_REGIONS,
                                  dek: nil,
-                                 cipher_name:,
-                                 app_name:,
-                                 environment:,
-                                 key_path:,
                                  **_args)
 
         # TODO: Also support generating environment variables instead of files.
@@ -116,12 +112,13 @@ module SymmetricEncryption
 
       # Stores the Encryption key in a file.
       # Secures the Encryption key by encrypting it with a key encryption key.
-      def initialize(region: nil, key_files:, master_key_alias:, key_encrypting_key: nil)
+      def initialize(key_files:, master_key_alias:, region: nil, key_encrypting_key: nil)
         @key_files        = key_files
         @master_key_alias = master_key_alias
         @region           = region || ENV["AWS_REGION"] || ENV["AWS_DEFAULT_REGION"] || ::Aws.config[:region]
         if key_encrypting_key
-          raise(SymmetricEncryption::ConfigError, "AWS KMS keystore encrypts the key itself, so does not support supplying a key_encrypting_key")
+          raise(SymmetricEncryption::ConfigError,
+                "AWS KMS keystore encrypts the key itself, so does not support supplying a key_encrypting_key")
         end
       end
 

data/lib/symmetric_encryption/keystore/gcp.rb

@@ -5,7 +5,7 @@ module SymmetricEncryption
     class Gcp
       include Utils::Files
 
-      def self.generate_data_key(version: 0, cipher_name:, app_name:, environment:, key_path:)
+      def self.generate_data_key(cipher_name:, app_name:, environment:, key_path:, version: 0)
         version >= 255 ? (version = 1) : (version += 1)
 
         dek       = SymmetricEncryption::Key.new(cipher_name: cipher_name)
@@ -46,7 +46,8 @@ module SymmetricEncryption
       end
 
       def crypto_key
-        @crypto_key ||= self.class::KMS::KeyManagementServiceClient.crypto_key_path(project_id, location_id, app_name, environment.to_s)
+        @crypto_key ||= self.class::KMS::KeyManagementServiceClient.crypto_key_path(project_id, location_id, app_name,
+                                                                                    environment.to_s)
       end
 
       private

data/lib/symmetric_encryption/keystore/memory.rb

@@ -35,7 +35,7 @@ module SymmetricEncryption
 
       # Stores the Encryption key in a string.
       # Secures the Encryption key by encrypting it with a key encryption key.
-      def initialize(encrypted_key: nil, key_encrypting_key:)
+      def initialize(key_encrypting_key:, encrypted_key: nil)
         @encrypted_key      = encrypted_key
         @key_encrypting_key = key_encrypting_key
       end

data/lib/symmetric_encryption/keystore.rb

@@ -56,7 +56,7 @@ module SymmetricEncryption
     # Notes:
     # * iv_filename is no longer supported and is removed when creating a new random cipher.
     #     * `iv` does not need to be encrypted and is included in the clear.
-    def self.rotate_keys!(full_config, environments: [], app_name:, rolling_deploy: false, keystore: nil)
+    def self.rotate_keys!(full_config, app_name:, environments: [], rolling_deploy: false, keystore: nil)
       full_config.each_pair do |environment, cfg|
         # Only rotate keys for specified environments. Default, all
         next if !environments.empty? && !environments.include?(environment.to_sym)
@@ -95,7 +95,7 @@ module SymmetricEncryption
     # Rotates just the key encrypting keys for the current cipher version.
     # The existing data encryption key is not changed, it is secured using the
     # new key encrypting keys.
-    def self.rotate_key_encrypting_keys!(full_config, environments: [], app_name:)
+    def self.rotate_key_encrypting_keys!(full_config, app_name:, environments: [])
       full_config.each_pair do |environment, cfg|
         # Only rotate keys for specified environments. Default, all
         next if !environments.empty? && !environments.include?(environment.to_sym)
@@ -156,7 +156,7 @@ module SymmetricEncryption
     # Returns [Key] by recursively navigating the config tree.
     #
     # Supports N level deep key encrypting keys.
-    def self.read_key(key: nil, iv:, key_encrypting_key: nil, cipher_name: "aes-256-cbc", keystore: nil, version: 0, **args)
+    def self.read_key(iv:, key: nil, key_encrypting_key: nil, cipher_name: "aes-256-cbc", keystore: nil, version: 0, **args)
       if key_encrypting_key.is_a?(Hash)
         # Recurse up the chain returning the parent key_encrypting_key
         key_encrypting_key = read_key(cipher_name: cipher_name, **key_encrypting_key)

data/lib/symmetric_encryption/railties/mongoid_encrypted.rb

@@ -100,7 +100,8 @@ Mongoid::Fields.option :encrypted do |model, field, options|
     end
 
     if decrypted_field_name.nil?
-      raise(ArgumentError, "SymmetricEncryption for Mongoid. Encryption enabled for field #{encrypted_field_name}. It must either start with 'encrypted_' or the option :decrypt_as must be supplied")
+      raise(ArgumentError,
+            "SymmetricEncryption for Mongoid. Encryption enabled for field #{encrypted_field_name}. It must either start with 'encrypted_' or the option :decrypt_as must be supplied")
     end
 
     SymmetricEncryption::Generator.generate_decrypted_accessors(model, decrypted_field_name, encrypted_field_name, options)

data/lib/symmetric_encryption/utils/re_encrypt_files.rb

@@ -70,11 +70,11 @@ module SymmetricEncryption
             if line.valid_encoding? && (result = line.match(r))
               encrypted = result[0]
               new_value = re_encrypt(encrypted)
-              if new_value != encrypted
+              if new_value == encrypted
+                line
+              else
                 hits += 1
                 line.gsub(encrypted, new_value)
-              else
-                line
               end
             else
               line

data/lib/symmetric_encryption/version.rb

@@ -1,3 +1,3 @@
 module SymmetricEncryption
-  VERSION = "4.3.2".freeze
+  VERSION = "4.5.0".freeze
 end

data/lib/symmetric_encryption/writer.rb

@@ -51,8 +51,8 @@ module SymmetricEncryption
       if file_name_or_stream.is_a?(String)
         file_name_or_stream = ::File.open(file_name_or_stream, "wb")
         compress            = !(/\.(zip|gz|gzip|xls.|)\z/i === file_name_or_stream) if compress.nil?
-      else
-        compress = true if compress.nil?
+      elsif compress.nil?
+        compress = true
       end
 
       begin
@@ -105,7 +105,8 @@ module SymmetricEncryption
       # Cipher to encrypt the random_key, or the entire file
       cipher = SymmetricEncryption.cipher(version)
       unless cipher
-        raise(SymmetricEncryption::CipherError, "Cipher with version:#{version} not found in any of the configured SymmetricEncryption ciphers")
+        raise(SymmetricEncryption::CipherError,
+              "Cipher with version:#{version} not found in any of the configured SymmetricEncryption ciphers")
       end
 
       # Force header if compressed or using random iv, key

data/lib/symmetric_encryption.rb

@@ -17,7 +17,10 @@ begin
       ActiveRecord::Type.register(:encrypted, SymmetricEncryption::ActiveRecord::EncryptedAttribute)
     end
 
-    ActiveRecord::Base.include(SymmetricEncryption::ActiveRecord::AttrEncrypted)
+    # Remove old way of defining attributes with Rails 7 since it conflicts with the method names.
+    if ActiveRecord.version <= Gem::Version.new("7.0.0")
+      ActiveRecord::Base.include(SymmetricEncryption::ActiveRecord::AttrEncrypted)
+    end
   end
 
   ActiveSupport.on_load(:mongoid) do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: symmetric-encryption
 version: !ruby/object:Gem::Version
-  version: 4.3.2
+  version: 4.5.0
 platform: ruby
 authors:
 - Reid Morrison
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-04-04 00:00:00.000000000 Z
+date: 2022-04-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: coercible
@@ -24,9 +24,8 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
-description: 
+description:
 email:
-- reidmo@gmail.com
 executables:
 - symmetric-encryption
 extensions: []
@@ -68,11 +67,11 @@ files:
 - lib/symmetric_encryption/utils/re_encrypt_files.rb
 - lib/symmetric_encryption/version.rb
 - lib/symmetric_encryption/writer.rb
-homepage: http://rocketjob.github.io/symmetric-encryption/
+homepage: https://encryption.rocketjob.io
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -87,8 +86,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
 summary: Encrypt ActiveRecord and Mongoid attributes, files and passwords in configuration
   files.