vault-rails 0.8.0 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9d1495e96fb575962f54ab1046322ba914262ccd1c6510608969098910b26722
-  data.tar.gz: 0a8c14b4e9b9657c8c3d8d69130a7ffd322ee12110df6f19058b612e7951c547
+  metadata.gz: 2cb9b608c70662fc9e761cbed5eaf27dd34382e502ffdc9fbf8a2d847309b65d
+  data.tar.gz: c7d1746c9807cb13771757a55e2c06077dca2a376d497c145194f57ca27a34c9
 SHA512:
-  metadata.gz: a4864910f4373d375b1950b98f97fab013b4954939fabdb0cadede4fc1e22d082c5e6658621c03b163964b64de7d33695f02538bd4f6ac89bd2c37f228a0b0f5
-  data.tar.gz: 3484a4c69580aeb6095b3b488ef8f8ed40fc0bb892f33104ad4dd8d852b8d403b6a0c70240264b9347fde8fbe1065e97d51d1b344c0972bc0407b7ef235c046b
+  metadata.gz: 8e2bb2b378c2707f7e2a2d14f68b16522e0817afbaa3f0c4850a595e4b1cec07abe6a9ae351347a334c9fe7455b9860c7f3870b8fa85ddfc62636d752420f67e
+  data.tar.gz: 79e817496fc0b5a30a281ecbdc4f9b86d2b575d091dde48f62380a4d80812c7af8409400f5155d84cba13477c7c9c3a0e317970dea79ab1038c81b00d87855e5

data/LICENSE

@@ -1,3 +1,5 @@
+Copyright (c) 2015 HashiCorp, Inc.
+
 Mozilla Public License, version 2.0
 
 1. Definitions

data/README.md

@@ -104,7 +104,7 @@ vault_attribute :credit_card,
 - **Note** This value **cannot** be the same name as the vault attribute!
 
 #### Specifying a custom key
-By default, the name of the key in Vault is `#{app}_#{table}_#{column}`. This is customizable by setting the `:key` option when declaring the attribute:
+By default, the name of the key in Vault is `#{app}_#{table}_#{attribute}`. This is customizable by setting the `:key` option when declaring the attribute:
 
 ```ruby
 vault_attribute :credit_card,
@@ -332,6 +332,21 @@ So for the example above, the key would be:
 
     my_app_people_ssn
 
+### Encrypting without Saving
+Normally, vault-rails will wait until the after_save callback to encrypt changed
+values before updating them. If you'd like to encrypt changed attributes without
+saving, call `vault_encrypt_attributes!`
+
+```ruby
+p = Person.new(ssn: "123-45-6789")
+p.ssn_encrypted
+=> nil
+p.vault_encrypt_attributes!
+p.ssn_encrypted
+=> "vault:dev:flu/yp9oeYYFgjcZH2hVBA=="
+p.persisted?
+=> false
+```
 
 ### Searching Encrypted Attributes
 Because each column is uniquely encrypted, it is not possible to search for a
@@ -345,7 +360,6 @@ Person.where(ssn: "123-45-6789")
 This is because the database is unaware of the plain-text data (which is part of
 the security model).
 
-
 Development
 -----------
 ↥ [back to top](#table-of-contents)

data/lib/vault/encrypted_model.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "active_support/concern"
 
 module Vault
@@ -322,12 +325,7 @@ module Vault
       # Encrypt a single attribute using Vault and persist back onto the
       # encrypted attribute value.
       def __vault_persist_attribute!(attribute, options)
-        key        = options[:key]
-        path       = options[:path]
-        serializer = options[:serializer]
-        column     = options[:encrypted_column]
-        context    = options[:context]
-        transform  = options[:transform_secret]
+        column = options[:encrypted_column]
 
         # Only persist changed attributes to minimize requests - this helps
         # minimize the number of requests to Vault.
@@ -343,6 +341,19 @@ module Vault
 
         # Get the current value of the plaintext attribute
         plaintext = attributes[attribute.to_s]
+        ciphertext = __vault_write_encrypted_attribute!(plaintext, options)
+
+        # Return the updated column so we can save
+        { column => ciphertext }
+      end
+
+      def __vault_write_encrypted_attribute!(plaintext, options)
+        column     = options[:encrypted_column]
+        key        = options[:key]
+        path       = options[:path]
+        serializer = options[:serializer]
+        context    = options[:context]
+        transform  = options[:transform_secret]
 
         # Apply the serialize to the plaintext value, if one exists
         if serializer
@@ -369,8 +380,7 @@ module Vault
         # to get the ciphertext
         write_attribute(column, ciphertext)
 
-        # Return the updated column so we can save
-        { column => ciphertext }
+        ciphertext
       end
 
       # Generates an Vault Transit encryption context for use on derived keys.
@@ -402,6 +412,18 @@ module Vault
           self.__vault_initialize_attributes!
         end
       end
+
+      def vault_encrypt_attributes!
+        self.class.__vault_attributes.each do |attribute, options|
+          next if !attribute_changed?(attribute) && options[:default].nil?
+
+          # Get the current value of the plaintext attribute
+          plaintext = attributes[attribute.to_s]
+
+          __vault_write_encrypted_attribute!(plaintext, options)
+        end
+        self
+      end
     end
   end
 end

data/lib/vault/rails/configurable.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   module Rails
     module Configurable

data/lib/vault/rails/errors.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   module Rails
     class VaultRailsError < RuntimeError; end

data/lib/vault/rails/json_serializer.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   module Rails
     module JSONSerializer

data/lib/vault/rails/version.rb

@@ -1,5 +1,8 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 module Vault
   module Rails
-    VERSION = "0.8.0"
+    VERSION = "0.10.0"
   end
 end

data/lib/vault/rails.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "vault"
 
 require "base64"

data/spec/dummy/app/models/lazy_person.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "binary_serializer"
 
 class LazyPerson < ActiveRecord::Base

data/spec/dummy/app/models/lazy_single_person.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 
 class LazySinglePerson < ActiveRecord::Base
   include Vault::EncryptedModel

data/spec/dummy/app/models/person.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "binary_serializer"
 
 class Person < ActiveRecord::Base

data/spec/dummy/config/application.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require File.expand_path('../boot', __FILE__)
 
 # Pick the frameworks you want:

data/spec/dummy/config/boot.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # Set up gems listed in the Gemfile.
 ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__)
 

data/spec/dummy/config/database.yml

@@ -1,12 +1,14 @@
-default: &default
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+development:
   adapter: sqlite3
   pool: 5
   timeout: 5000
-
-development:
-  <<: *default
   database: db/development.sqlite3
 
 test:
-  <<: *default
+  adapter: sqlite3
+  pool: 5
+  timeout: 5000
   database: db/test.sqlite3

data/spec/dummy/config/environment.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # Load the Rails application.
 require File.expand_path('../application', __FILE__)
 

data/spec/dummy/config/environments/development.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 Rails.application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 

data/spec/dummy/config/environments/test.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 Rails.application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 

data/spec/dummy/config/initializers/assets.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # Be sure to restart your server when you modify this file.
 
 # Version of your assets, change this if you want to expire all your assets.

data/spec/dummy/config/initializers/backtrace_silencers.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # Be sure to restart your server when you modify this file.
 
 # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.

data/spec/dummy/config/initializers/cookies_serializer.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # Be sure to restart your server when you modify this file.
 
 Rails.application.config.action_dispatch.cookies_serializer = :json

data/spec/dummy/config/initializers/filter_parameter_logging.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # Be sure to restart your server when you modify this file.
 
 # Configure sensitive parameters which will be filtered from the log file.

data/spec/dummy/config/initializers/inflections.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # Be sure to restart your server when you modify this file.
 
 # Add new inflection rules using the following format. Inflections

data/spec/dummy/config/initializers/mime_types.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # Be sure to restart your server when you modify this file.
 
 # Add new mime types for use in respond_to blocks:

data/spec/dummy/config/initializers/session_store.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # Be sure to restart your server when you modify this file.
 
 Rails.application.config.session_store :cookie_store, key: '_dummy_session'

data/spec/dummy/config/initializers/vault.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 require "vault/rails"
 
 require_relative "../../../support/vault_server"

data/spec/dummy/config/initializers/wrap_parameters.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # Be sure to restart your server when you modify this file.
 
 # This file contains settings for ActionController::ParamsWrapper which

data/spec/dummy/config/locales/en.yml

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # Files in the config/locales directory are used for internationalization
 # and are automatically loaded by Rails. If you want to use locales other
 # than English, add the necessary files in this directory.

data/spec/dummy/config/routes.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 Rails.application.routes.draw do
 
 end

data/spec/dummy/config/secrets.yml

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # Be sure to restart your server when you modify this file.
 
 # Your secret key is used for verifying the integrity of signed cookies.

data/spec/dummy/config.ru

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # This file is used by Rack-based servers to start the application.
 
 require ::File.expand_path('../config/environment',  __FILE__)

data/spec/dummy/db/migrate/20150428220101_create_people.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 class CreatePeople < ActiveRecord::Migration[4.2]
   def change
     create_table :people do |t|

data/spec/dummy/db/schema.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # This file is auto-generated from the current state of the database. Instead
 # of editing this file, please use the migrations feature of Active Record to
 # incrementally modify your database, and then regenerate this schema definition.

data/spec/dummy/lib/binary_serializer.rb

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # Encodes and decodes binary data.
 module BinarySerializer
   def self.encode(raw)