symmetric-encryption 4.1.4 → 4.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b359cc79bc655a202fa3dca0882e311ec6211f204243e04a1e0775588ba7c433
-  data.tar.gz: '08f689c03556c00b15a3810205ba1aece5577def975b15fd51a5ab8c70f31198'
+  metadata.gz: 9a62a8497a82ccb4701f2301bc351ab8e054569a3cdc02a0e0f2e14cc9866776
+  data.tar.gz: f8867d2e9ced1fd3f7adb081a851481cb3abc11f067d67104324bce539911e26
 SHA512:
-  metadata.gz: 4e7ab43644e0bf6efdeaf07c2afd46bf3c58a17bf4396942bf4e28ad675c3892cee42bb04d4a801f7079c9456f65debc4ff13b36c6ec918a80f4cc3991b85022
-  data.tar.gz: a8db0726395db261acb25cab050af5e3f82f5ad0a4fe7db263de4f7555e1c51f62911350aca6a5f59eb6b4eb46e791a4c98e4dda680c0364494605fbf07d89d6
+  metadata.gz: b8feb0c726ca19c1a956c24b1ec74c11786e07dc1d5131741697b23c0ff9a4b692a3b24853040b73e1418321a761d7f0687f51f620332c7480be73f5b23935fb
+  data.tar.gz: 26fb41fd4d2dc609eb21c382399ed1656798071eedcef94f127e4f4054f7c46f268b94c344ed73cf4ea51583dcbff08deb602df02c04b3dfd5e8fb6a3ea0b73d

data/lib/symmetric_encryption.rb

@@ -1,32 +1,4 @@
-# Used for compression
-require 'zlib'
-# Used to coerce data types between string and their actual types
-require 'coercible'
-
-require 'symmetric_encryption/version'
-require 'symmetric_encryption/cipher'
-require 'symmetric_encryption/symmetric_encryption'
-require 'symmetric_encryption/exception'
-
-# @formatter:off
-module SymmetricEncryption
-  autoload :Coerce,                 'symmetric_encryption/coerce'
-  autoload :Config,                 'symmetric_encryption/config'
-  autoload :Encoder,                'symmetric_encryption/encoder'
-  autoload :Generator,              'symmetric_encryption/generator'
-  autoload :Header,                 'symmetric_encryption/header'
-  autoload :Key,                    'symmetric_encryption/key'
-  autoload :Reader,                 'symmetric_encryption/reader'
-  autoload :RSAKey,                 'symmetric_encryption/rsa_key'
-  autoload :Writer,                 'symmetric_encryption/writer'
-  autoload :CLI,                    'symmetric_encryption/cli'
-  autoload :Keystore,               'symmetric_encryption/keystore'
-  module Utils
-    autoload :Aws,                  'symmetric_encryption/utils/aws'
-    autoload :ReEncryptFiles,       'symmetric_encryption/utils/re_encrypt_files'
-  end
-end
-# @formatter:on
+require 'symmetric_encryption/core'
 
 # Add extensions. Gems are no longer order dependent.
 begin
@@ -36,26 +8,17 @@ rescue LoadError
 end
 
 begin
-  require 'active_record'
-  require 'symmetric_encryption/extensions/active_record/base'
-rescue LoadError
-end
-
-begin
-  require 'active_model'
-  require 'symmetric_encryption/railties/symmetric_encryption_validator'
-rescue LoadError
-end
+  require 'active_support'
+  ActiveSupport.on_load(:active_record) do
+    require 'symmetric_encryption/railties/attr_encrypted'
+    require 'symmetric_encryption/railties/symmetric_encryption_validator'
 
-begin
-  require 'mongoid'
-  require 'symmetric_encryption/extensions/mongoid/encrypted'
-rescue LoadError
-end
+    ActiveRecord::Base.include(SymmetricEncryption::Railties::AttrEncrypted)
+  end
 
-begin
-  require 'mongo_mapper'
-  warn 'MongoMapper support is deprecated. Please upgrade to Mongoid.'
-  require 'symmetric_encryption/extensions/mongo_mapper/plugins/encrypted_key'
+  ActiveSupport.on_load(:mongoid) do
+    require 'symmetric_encryption/railties/mongoid_encrypted'
+    require 'symmetric_encryption/railties/symmetric_encryption_validator'
+  end
 rescue LoadError
 end

data/lib/symmetric_encryption/cli.rb

@@ -8,7 +8,7 @@ module SymmetricEncryption
                 :environments, :cipher_name, :rolling_deploy, :rotate_keys, :rotate_kek, :prompt, :show_version,
                 :cleanup_keys, :activate_key, :migrate, :regions
 
-    KEYSTORES = %i[aws heroku environment file].freeze
+    KEYSTORES = %i[aws heroku environment file gcp].freeze
 
     def self.run!(argv)
       new(argv).run!
@@ -131,7 +131,7 @@ module SymmetricEncryption
           @generate = config
         end
 
-        opts.on '-s', '--keystore heroku|environment|file|aws', 'Which keystore to use during generation or re-encryption.' do |keystore|
+        opts.on '-s', '--keystore heroku|environment|file|aws|gcp', 'Which keystore to use during generation or re-encryption.' do |keystore|
           @keystore = (keystore || 'file').downcase.to_sym
         end
 

data/lib/symmetric_encryption/core.rb

@@ -0,0 +1,30 @@
+# Used for compression
+require 'zlib'
+# Used to coerce data types between string and their actual types
+require 'coercible'
+
+require 'symmetric_encryption/version'
+require 'symmetric_encryption/cipher'
+require 'symmetric_encryption/symmetric_encryption'
+require 'symmetric_encryption/exception'
+
+# @formatter:off
+module SymmetricEncryption
+  autoload :Coerce,                 'symmetric_encryption/coerce'
+  autoload :Config,                 'symmetric_encryption/config'
+  autoload :Encoder,                'symmetric_encryption/encoder'
+  autoload :Generator,              'symmetric_encryption/generator'
+  autoload :Header,                 'symmetric_encryption/header'
+  autoload :Key,                    'symmetric_encryption/key'
+  autoload :Reader,                 'symmetric_encryption/reader'
+  autoload :RSAKey,                 'symmetric_encryption/rsa_key'
+  autoload :Writer,                 'symmetric_encryption/writer'
+  autoload :CLI,                    'symmetric_encryption/cli'
+  autoload :Keystore,               'symmetric_encryption/keystore'
+  module Utils
+    autoload :Aws,                  'symmetric_encryption/utils/aws'
+    autoload :Files,                'symmetric_encryption/utils/files'
+    autoload :ReEncryptFiles,       'symmetric_encryption/utils/re_encrypt_files'
+  end
+end
+# @formatter:on

data/lib/symmetric_encryption/keystore.rb

@@ -4,6 +4,7 @@ module SymmetricEncryption
     # @formatter:off
     autoload :Aws,         'symmetric_encryption/keystore/aws'
     autoload :Environment, 'symmetric_encryption/keystore/environment'
+    autoload :Gcp,         'symmetric_encryption/keystore/gcp'
     autoload :File,        'symmetric_encryption/keystore/file'
     autoload :Heroku,      'symmetric_encryption/keystore/heroku'
     autoload :Memory,      'symmetric_encryption/keystore/memory'

data/lib/symmetric_encryption/keystore/aws.rb

@@ -1,4 +1,3 @@
-require 'base64'
 require 'aws-sdk-kms'
 module SymmetricEncryption
   module Keystore
@@ -51,6 +50,8 @@ module SymmetricEncryption
     #     - Loss of access to AWS accounts.
     #     - Loss of region(s) in which master keys are stored.
     class Aws
+      include Utils::Files
+
       attr_reader :region, :key_files, :master_key_alias
 
       # Returns [Hash] a new keystore configuration after generating the data key.
@@ -131,13 +132,8 @@ module SymmetricEncryption
         raise(SymmetricEncryption::ConfigError, "region: #{region} not available in the supplied key_files") unless key_file
 
         file_name = key_file[:file_name]
-        raise(SymmetricEncryption::ConfigError, 'file_name is mandatory for each key_file entry') unless file_name
-
-        raise(SymmetricEncryption::ConfigError, "File #{file_name} could not be found") unless ::File.exist?(file_name)
 
-        # TODO: Validate that file is not globally readable.
-        encoded_dek        = ::File.open(file_name, 'rb', &:read)
-        encrypted_data_key = Base64.strict_decode64(encoded_dek)
+        encrypted_data_key = read_file_and_decode(file_name)
         aws(region).decrypt(encrypted_data_key)
       end
 
@@ -150,24 +146,13 @@ module SymmetricEncryption
           raise(ArgumentError, 'region and file_name are mandatory for each key_file entry') unless region && file_name
 
           encrypted_data_key = aws(region).encrypt(data_key)
-          encoded_dek        = Base64.strict_encode64(encrypted_data_key)
-          write_to_file(file_name, encoded_dek)
+          write_encoded_to_file(file_name, encrypted_data_key)
         end
       end
 
       def aws(region)
         Utils::Aws.new(region: region, master_key_alias: master_key_alias)
       end
-
-      private
-
-      # Write to the supplied file_name, backing up the existing file if present
-      def write_to_file(file_name, data)
-        path = ::File.dirname(file_name)
-        ::FileUtils.mkdir_p(path) unless ::File.directory?(path)
-        ::File.rename(file_name, "#{file_name}.#{Time.now.to_i}") if ::File.exist?(file_name)
-        ::File.open(file_name, 'wb') { |file| file.write(data) }
-      end
     end
   end
 end

data/lib/symmetric_encryption/keystore/file.rb

@@ -1,6 +1,8 @@
 module SymmetricEncryption
   module Keystore
     class File
+      include Utils::Files
+
       attr_accessor :file_name, :key_encrypting_key
 
       # Returns [Hash] a new keystore configuration after generating the data key.
@@ -51,33 +53,18 @@ module SymmetricEncryption
               "Symmetric Encryption key file '#{file_name}' has the wrong "\
               "permissions: #{::File.stat(file_name).mode.to_s(8)}. Expected 100600.") unless correct_permissions?
 
-        data = read_from_file
+        data = read_from_file(file_name)
         key_encrypting_key ? key_encrypting_key.decrypt(data) : data
       end
 
       # Encrypt and write the key to file.
       def write(key)
         data = key_encrypting_key ? key_encrypting_key.encrypt(key) : key
-        write_to_file(data)
+        write_to_file(file_name, data)
       end
 
       private
 
-      # Read from the file, raising an exception if it is not found
-      def read_from_file
-        ::File.open(file_name, 'rb', &:read)
-      rescue Errno::ENOENT
-        raise(SymmetricEncryption::ConfigError, "Symmetric Encryption key file: '#{file_name}' not found or readable")
-      end
-
-      # Write to the supplied file_name, backing up the existing file if present
-      def write_to_file(data)
-        key_path = ::File.dirname(file_name)
-        ::FileUtils.mkdir_p(key_path) unless ::File.directory?(key_path)
-        ::File.rename(file_name, "#{file_name}.#{Time.now.to_i}") if ::File.exist?(file_name)
-        ::File.open(file_name, 'wb', 0600) { |file| file.write(data) }
-      end
-
       # Returns true if the file is owned by the user running this code and it
       # has the correct mode - readable and writable by its owner and no one 
       # else, much like the keys one has in ~/.ssh

data/lib/symmetric_encryption/keystore/gcp.rb

@@ -0,0 +1,87 @@
+require "google/cloud/kms/v1"
+
+module SymmetricEncryption
+  module Keystore
+    class Gcp
+      include Utils::Files
+
+      def self.generate_data_key(version: 0, cipher_name:, app_name:, environment:, key_path:)
+        version >= 255 ? (version = 1) : (version += 1)
+
+        dek      = SymmetricEncryption::Key.new(cipher_name: cipher_name)
+        file_name = "#{key_path}/#{app_name}_#{environment}_v#{version}.encrypted_key"
+        keystore = new(
+          key_file:    file_name,
+          app_name:    app_name,
+          environment: environment
+        )
+        keystore.write(dek.key)
+
+        {
+          keystore:         :gcp,
+          cipher_name:      dek.cipher_name,
+          version:          version,
+          key_file:         file_name,
+          iv:               dek.iv,
+          crypto_key:       keystore.crypto_key
+        }
+      end
+
+      def initialize(key_file:, app_name: nil, environment: nil, key_encrypting_key: nil, crypto_key: nil, project_id: nil, credentials: nil, location_id: nil)
+        @crypto_key = crypto_key
+        @app_name = app_name
+        @environment = environment
+        @file_name = key_file
+        @project_id = project_id
+        @credentials = credentials
+        @location_id = location_id
+      end
+
+      def read
+        decrypt(read_file_and_decode(file_name))
+      end
+
+      def write(data_key)
+        write_encoded_to_file(file_name, encrypt(data_key))
+      end
+
+      def crypto_key
+        @crypto_key ||= self.class::KMS::KeyManagementServiceClient.crypto_key_path(project_id, location_id, app_name, environment.to_s)
+      end
+
+      private
+
+      KMS = Google::Cloud::Kms::V1
+
+      attr_reader :app_name, :environment
+
+      def encrypt(plaintext)
+        client.encrypt(crypto_key, plaintext).ciphertext
+      end
+
+      def decrypt(ciphertext)
+        client.decrypt(crypto_key, ciphertext).plaintext
+      end
+
+      def client
+        self.class::KMS::KeyManagementServiceClient.new(timeout: 2, credentials: credentials)
+      end
+
+      def project_id
+        @project_id ||= ENV["GOOGLE_CLOUD_PROJECT"]
+        raise 'GOOGLE_CLOUD_PROJECT must be set' if @project_id.nil?
+        @project_id
+      end
+
+      def credentials
+        @credentials ||= ENV['GOOGLE_CLOUD_KEYFILE']
+        raise 'GOOGLE_CLOUD_KEYFILE must be set' if @credentials.nil?
+        @credentials
+      end
+
+      def location_id
+        @location_id ||= ENV["GOOGLE_CLOUD_LOCATION"] || 'global'
+      end
+    end
+  end
+end

data/lib/symmetric_encryption/railties/attr_encrypted.rb

@@ -0,0 +1,118 @@
+module SymmetricEncryption
+  module Railties
+    module AttrEncrypted
+      def self.included(base)
+        base.extend ClassMethods
+      end
+
+      module ClassMethods
+        # Transparently encrypt and decrypt values stored via ActiveRecord.
+        #
+        # Parameters:
+        # * Symbolic names of each method to create which has a corresponding
+        #   method already defined in rails starting with: encrypted_
+        # * Followed by an optional hash:
+        #     :random_iv [true|false]
+        #       Whether the encrypted value should use a random IV every time the
+        #       field is encrypted.
+        #       It is recommended to set this to true where feasible. If the encrypted
+        #       value could be used as part of a SQL where clause, or as part
+        #       of any lookup, then it must be false.
+        #       Setting random_iv to true will result in a different encrypted output for
+        #       the same input string.
+        #       Note: Only set to true if the field will never be used as part of
+        #         the where clause in an SQL query.
+        #       Note: When random_iv is true it will add a 8 byte header, plus the bytes
+        #         to store the random IV in every returned encrypted string, prior to the
+        #         encoding if any.
+        #       Default: false
+        #       Highly Recommended where feasible: true
+        #
+        #     :type [Symbol]
+        #       The type for this field, #see SymmetricEncryption::COERCION_TYPES
+        #       Default: :string
+        #
+        #     :compress [true|false]
+        #       Whether to compress str before encryption
+        #       Should only be used for large strings since compression overhead and
+        #       the overhead of adding the 'magic' header may exceed any benefits of
+        #       compression
+        #       Note: Adds a 6 byte header prior to encoding, only if :random_iv is false
+        #       Default: false
+        def attr_encrypted(*params)
+          # Ensure ActiveRecord has created all its methods first
+          # Ignore failures since the table may not yet actually exist
+          begin
+            define_attribute_methods
+          rescue StandardError
+            nil
+          end
+
+          options = params.last.is_a?(Hash) ? params.pop.dup : {}
+
+          params.each do |attribute|
+            SymmetricEncryption::Generator.generate_decrypted_accessors(self, attribute, "encrypted_#{attribute}", options)
+            encrypted_attributes[attribute.to_sym] = "encrypted_#{attribute}".to_sym
+          end
+        end
+
+        # Contains a hash of encrypted attributes with virtual attribute names as keys and real attribute
+        # names as values
+        #
+        # Example
+        #
+        #   class User < ActiveRecord::Base
+        #     attr_encrypted :email
+        #   end
+        #
+        #   User.encrypted_attributes  =>  { email: encrypted_email }
+        def encrypted_attributes
+          @encrypted_attributes ||= superclass.respond_to?(:encrypted_attributes) ? superclass.encrypted_attributes.dup : {}
+        end
+
+        # Return the name of all encrypted virtual attributes as an Array of symbols
+        # Example: [:email, :password]
+        def encrypted_keys
+          @encrypted_keys ||= encrypted_attributes.keys
+        end
+
+        # Return the name of all encrypted columns as an Array of symbols
+        # Example: [:encrypted_email, :encrypted_password]
+        def encrypted_columns
+          @encrypted_columns ||= encrypted_attributes.values
+        end
+
+        # Returns whether an attribute has been configured to be encrypted
+        #
+        # Example
+        #
+        #   class User < ActiveRecord::Base
+        #     attr_accessor :name
+        #     attr_encrypted :email
+        #   end
+        #
+        #   User.encrypted_attribute?(:name) # false
+        #   User.encrypted_attribute?(:email) # true
+        def encrypted_attribute?(attribute)
+          encrypted_keys.include?(attribute)
+        end
+
+        # Returns whether the attribute is the database column to hold the
+        # encrypted data for a matching encrypted attribute
+        #
+        # Example
+        #
+        #   class User < ActiveRecord::Base
+        #     attr_accessor :name
+        #     attr_encrypted :email
+        #   end
+        #
+        #   User.encrypted_column?(:encrypted_name) # false
+        #   User.encrypted_column?(:encrypted_email) # true
+        def encrypted_column?(attribute)
+          encrypted_columns.include?(attribute)
+        end
+      end
+    end
+  end
+end

data/lib/symmetric_encryption/utils/files.rb

@@ -0,0 +1,45 @@
+module SymmetricEncryption
+  module Utils
+    module Files
+      private
+
+      attr_reader :file_name
+
+      def read_file_and_decode(file_name)
+        raise(SymmetricEncryption::ConfigError, 'file_name is mandatory for each key_file entry') unless file_name
+
+        raise(SymmetricEncryption::ConfigError, "File #{file_name} could not be found") unless ::File.exist?(file_name)
+
+        # TODO: Validate that file is not globally readable.
+        decode64(read_from_file(file_name))
+      end
+
+      def write_encoded_to_file(file_name, encrypted_data_key)
+        write_to_file(file_name, encode64(encrypted_data_key))
+      end
+
+      def encode64(data)
+        Base64.strict_encode64(data)
+      end
+
+      def decode64(data)
+        Base64.strict_decode64(data)
+      end
+
+      # Write to the supplied file_name, backing up the existing file if present
+      def write_to_file(file_name, data)
+        key_path = ::File.dirname(file_name)
+        ::FileUtils.mkdir_p(key_path) unless ::File.directory?(key_path)
+        ::File.rename(file_name, "#{file_name}.#{Time.now.to_i}") if ::File.exist?(file_name)
+        ::File.open(file_name, 'wb', 0600) { |file| file.write(data) }
+      end
+
+      # Read from the file, raising an exception if it is not found
+      def read_from_file(file_name)
+        ::File.open(file_name, 'rb', &:read)
+      rescue Errno::ENOENT
+        raise(SymmetricEncryption::ConfigError, "Symmetric Encryption key file: '#{file_name}' not found or readable")
+      end
+    end
+  end
+end

data/lib/symmetric_encryption/version.rb

@@ -1,3 +1,3 @@
 module SymmetricEncryption
-  VERSION = '4.1.4'.freeze
+  VERSION = '4.2.0'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: symmetric-encryption
 version: !ruby/object:Gem::Version
-  version: 4.1.4
+  version: 4.2.0
 platform: ruby
 authors:
 - Reid Morrison
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-02-12 00:00:00.000000000 Z
+date: 2019-02-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: coercible
@@ -42,11 +42,9 @@ files:
 - lib/symmetric_encryption/cli.rb
 - lib/symmetric_encryption/coerce.rb
 - lib/symmetric_encryption/config.rb
+- lib/symmetric_encryption/core.rb
 - lib/symmetric_encryption/encoder.rb
 - lib/symmetric_encryption/exception.rb
-- lib/symmetric_encryption/extensions/active_record/base.rb
-- lib/symmetric_encryption/extensions/mongo_mapper/plugins/encrypted_key.rb
-- lib/symmetric_encryption/extensions/mongoid/encrypted.rb
 - lib/symmetric_encryption/generator.rb
 - lib/symmetric_encryption/header.rb
 - lib/symmetric_encryption/key.rb
@@ -54,14 +52,18 @@ files:
 - lib/symmetric_encryption/keystore/aws.rb
 - lib/symmetric_encryption/keystore/environment.rb
 - lib/symmetric_encryption/keystore/file.rb
+- lib/symmetric_encryption/keystore/gcp.rb
 - lib/symmetric_encryption/keystore/heroku.rb
 - lib/symmetric_encryption/keystore/memory.rb
 - lib/symmetric_encryption/railtie.rb
+- lib/symmetric_encryption/railties/attr_encrypted.rb
+- lib/symmetric_encryption/railties/mongoid_encrypted.rb
 - lib/symmetric_encryption/railties/symmetric_encryption_validator.rb
 - lib/symmetric_encryption/reader.rb
 - lib/symmetric_encryption/rsa_key.rb
 - lib/symmetric_encryption/symmetric_encryption.rb
 - lib/symmetric_encryption/utils/aws.rb
+- lib/symmetric_encryption/utils/files.rb
 - lib/symmetric_encryption/utils/re_encrypt_files.rb
 - lib/symmetric_encryption/version.rb
 - lib/symmetric_encryption/writer.rb

data/lib/symmetric_encryption/extensions/active_record/base.rb

@@ -1,110 +0,0 @@
-module ActiveRecord #:nodoc:
-  class Base
-    # Transparently encrypt and decrypt values stored via ActiveRecord.
-    #
-    # Parameters:
-    # * Symbolic names of each method to create which has a corresponding
-    #   method already defined in rails starting with: encrypted_
-    # * Followed by an optional hash:
-    #     :random_iv [true|false]
-    #       Whether the encrypted value should use a random IV every time the
-    #       field is encrypted.
-    #       It is recommended to set this to true where feasible. If the encrypted
-    #       value could be used as part of a SQL where clause, or as part
-    #       of any lookup, then it must be false.
-    #       Setting random_iv to true will result in a different encrypted output for
-    #       the same input string.
-    #       Note: Only set to true if the field will never be used as part of
-    #         the where clause in an SQL query.
-    #       Note: When random_iv is true it will add a 8 byte header, plus the bytes
-    #         to store the random IV in every returned encrypted string, prior to the
-    #         encoding if any.
-    #       Default: false
-    #       Highly Recommended where feasible: true
-    #
-    #     :type [Symbol]
-    #       The type for this field, #see SymmetricEncryption::COERCION_TYPES
-    #       Default: :string
-    #
-    #     :compress [true|false]
-    #       Whether to compress str before encryption
-    #       Should only be used for large strings since compression overhead and
-    #       the overhead of adding the 'magic' header may exceed any benefits of
-    #       compression
-    #       Note: Adds a 6 byte header prior to encoding, only if :random_iv is false
-    #       Default: false
-    def self.attr_encrypted(*params)
-      # Ensure ActiveRecord has created all its methods first
-      # Ignore failures since the table may not yet actually exist
-      begin
-        define_attribute_methods
-      rescue StandardError
-        nil
-      end
-
-      options = params.last.is_a?(Hash) ? params.pop.dup : {}
-
-      params.each do |attribute|
-        SymmetricEncryption::Generator.generate_decrypted_accessors(self, attribute, "encrypted_#{attribute}", options)
-        encrypted_attributes[attribute.to_sym] = "encrypted_#{attribute}".to_sym
-      end
-    end
-
-    # Contains a hash of encrypted attributes with virtual attribute names as keys and real attribute
-    # names as values
-    #
-    # Example
-    #
-    #   class User < ActiveRecord::Base
-    #     attr_encrypted :email
-    #   end
-    #
-    #   User.encrypted_attributes  =>  { email: encrypted_email }
-    def self.encrypted_attributes
-      @encrypted_attributes ||= superclass.respond_to?(:encrypted_attributes) ? superclass.encrypted_attributes.dup : {}
-    end
-
-    # Return the name of all encrypted virtual attributes as an Array of symbols
-    # Example: [:email, :password]
-    def self.encrypted_keys
-      @encrypted_keys ||= encrypted_attributes.keys
-    end
-
-    # Return the name of all encrypted columns as an Array of symbols
-    # Example: [:encrypted_email, :encrypted_password]
-    def self.encrypted_columns
-      @encrypted_columns ||= encrypted_attributes.values
-    end
-
-    # Returns whether an attribute has been configured to be encrypted
-    #
-    # Example
-    #
-    #   class User < ActiveRecord::Base
-    #     attr_accessor :name
-    #     attr_encrypted :email
-    #   end
-    #
-    #   User.encrypted_attribute?(:name) # false
-    #   User.encrypted_attribute?(:email) # true
-    def self.encrypted_attribute?(attribute)
-      encrypted_keys.include?(attribute)
-    end
-
-    # Returns whether the attribute is the database column to hold the
-    # encrypted data for a matching encrypted attribute
-    #
-    # Example
-    #
-    #   class User < ActiveRecord::Base
-    #     attr_accessor :name
-    #     attr_encrypted :email
-    #   end
-    #
-    #   User.encrypted_column?(:encrypted_name) # false
-    #   User.encrypted_column?(:encrypted_email) # true
-    def self.encrypted_column?(attribute)
-      encrypted_columns.include?(attribute)
-    end
-  end
-end

data/lib/symmetric_encryption/extensions/mongo_mapper/plugins/encrypted_key.rb

@@ -1,41 +0,0 @@
-#
-# DEPRECATED !!!
-#
-module MongoMapper
-  module Plugins
-    module EncryptedKey
-      extend ActiveSupport::Concern
-
-      COERCION_MAP = {
-        String     => :string,
-        Integer    => :integer,
-        Float      => :float,
-        BigDecimal => :decimal,
-        DateTime   => :datetime,
-        Time       => :time,
-        Date       => :date,
-        Boolean    => :boolean,
-        Hash       => :json
-      }.freeze
-
-      module ClassMethods
-        def encrypted_key(key_name, type, full_options = {})
-          full_options = full_options.is_a?(Hash) ? full_options.dup : {}
-          options      = full_options.delete(:encrypted) || {}
-          # Support overriding the name of the decrypted attribute
-          encrypted_key_name = options.delete(:encrypt_as) || "encrypted_#{key_name}"
-          options[:type]     = COERCION_MAP[type] unless %i[yaml json].include?(options[:type])
-
-          raise(ArgumentError, "Invalid type: #{type.inspect}. Valid types: #{COERCION_MAP.keys.join(',')}") unless options[:type]
-
-          SymmetricEncryption::Generator.generate_decrypted_accessors(self, key_name, encrypted_key_name, options)
-
-          key(encrypted_key_name, String, full_options)
-        end
-      end
-    end
-  end
-end
-
-MongoMapper::Document.plugin(MongoMapper::Plugins::EncryptedKey)
-MongoMapper::EmbeddedDocument.plugin(MongoMapper::Plugins::EncryptedKey)