vault-rails 0.9.0 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +16 -2
  3. data/lib/vault/encrypted_model.rb +27 -8
  4. data/lib/vault/rails/version.rb +1 -1
  5. data/spec/dummy/db/development.sqlite3 +0 -0
  6. data/spec/dummy/db/test.sqlite3 +0 -0
  7. data/spec/dummy/log/development.log +17950 -1208
  8. data/spec/integration/rails_spec.rb +37 -0
  9. metadata +3 -5
  10. data/spec/dummy/log/test.log +0 -400
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c055664571a8c3823f5628d70a444685157ac01635896d286ae6fadba332507c
4
- data.tar.gz: e40a6d7dccccb60d82bf0ac941233a3ce1cb8f623d30ccc3d71b317ec3fbb392
3
+ metadata.gz: 2cb9b608c70662fc9e761cbed5eaf27dd34382e502ffdc9fbf8a2d847309b65d
4
+ data.tar.gz: c7d1746c9807cb13771757a55e2c06077dca2a376d497c145194f57ca27a34c9
5
5
  SHA512:
6
- metadata.gz: 5b0b4e77c0c06bf3185db3e255aaeb1d184a2fe2c3c422e507d77e1099c85af0bf02b64ff69fe2941950c645572d53ed9705433d99be9e4ff92d60e95412affb
7
- data.tar.gz: 6fe948db7a47f95b2b961102ef476ae339b1b6f8ffe0fcecb08c8aaad1b9df19d611efe31a42835de8a8080ef38e4bf7bf9188f3e089c539ab14edb2aea4cf07
6
+ metadata.gz: 8e2bb2b378c2707f7e2a2d14f68b16522e0817afbaa3f0c4850a595e4b1cec07abe6a9ae351347a334c9fe7455b9860c7f3870b8fa85ddfc62636d752420f67e
7
+ data.tar.gz: 79e817496fc0b5a30a281ecbdc4f9b86d2b575d091dde48f62380a4d80812c7af8409400f5155d84cba13477c7c9c3a0e317970dea79ab1038c81b00d87855e5
data/README.md CHANGED
@@ -104,7 +104,7 @@ vault_attribute :credit_card,
104
104
  - **Note** This value **cannot** be the same name as the vault attribute!
105
105
 
106
106
  #### Specifying a custom key
107
- By default, the name of the key in Vault is `#{app}_#{table}_#{column}`. This is customizable by setting the `:key` option when declaring the attribute:
107
+ By default, the name of the key in Vault is `#{app}_#{table}_#{attribute}`. This is customizable by setting the `:key` option when declaring the attribute:
108
108
 
109
109
  ```ruby
110
110
  vault_attribute :credit_card,
@@ -332,6 +332,21 @@ So for the example above, the key would be:
332
332
 
333
333
  my_app_people_ssn
334
334
 
335
+ ### Encrypting without Saving
336
+ Normally, vault-rails will wait until the after_save callback to encrypt changed
337
+ values before updating them. If you'd like to encrypt changed attributes without
338
+ saving, call `vault_encrypt_attributes!`
339
+
340
+ ```ruby
341
+ p = Person.new(ssn: "123-45-6789")
342
+ p.ssn_encrypted
343
+ => nil
344
+ p.vault_encrypt_attributes!
345
+ p.ssn_encrypted
346
+ => "vault:dev:flu/yp9oeYYFgjcZH2hVBA=="
347
+ p.persisted?
348
+ => false
349
+ ```
335
350
 
336
351
  ### Searching Encrypted Attributes
337
352
  Because each column is uniquely encrypted, it is not possible to search for a
@@ -345,7 +360,6 @@ Person.where(ssn: "123-45-6789")
345
360
  This is because the database is unaware of the plain-text data (which is part of
346
361
  the security model).
347
362
 
348
-
349
363
  Development
350
364
  -----------
351
365
  ↥ [back to top](#table-of-contents)
data/lib/vault/encrypted_model.rb CHANGED
@@ -325,12 +325,7 @@ module Vault
325
325
  # Encrypt a single attribute using Vault and persist back onto the
326
326
  # encrypted attribute value.
327
327
  def __vault_persist_attribute!(attribute, options)
328
- key = options[:key]
329
- path = options[:path]
330
- serializer = options[:serializer]
331
- column = options[:encrypted_column]
332
- context = options[:context]
333
- transform = options[:transform_secret]
328
+ column = options[:encrypted_column]
334
329
 
335
330
  # Only persist changed attributes to minimize requests - this helps
336
331
  # minimize the number of requests to Vault.
@@ -346,6 +341,19 @@ module Vault
346
341
 
347
342
  # Get the current value of the plaintext attribute
348
343
  plaintext = attributes[attribute.to_s]
344
+ ciphertext = __vault_write_encrypted_attribute!(plaintext, options)
345
+
346
+ # Return the updated column so we can save
347
+ { column => ciphertext }
348
+ end
349
+
350
+ def __vault_write_encrypted_attribute!(plaintext, options)
351
+ column = options[:encrypted_column]
352
+ key = options[:key]
353
+ path = options[:path]
354
+ serializer = options[:serializer]
355
+ context = options[:context]
356
+ transform = options[:transform_secret]
349
357
 
350
358
  # Apply the serialize to the plaintext value, if one exists
351
359
  if serializer
@@ -372,8 +380,7 @@ module Vault
372
380
  # to get the ciphertext
373
381
  write_attribute(column, ciphertext)
374
382
 
375
- # Return the updated column so we can save
376
- { column => ciphertext }
383
+ ciphertext
377
384
  end
378
385
 
379
386
  # Generates an Vault Transit encryption context for use on derived keys.
@@ -405,6 +412,18 @@ module Vault
405
412
  self.__vault_initialize_attributes!
406
413
  end
407
414
  end
415
+
416
+ def vault_encrypt_attributes!
417
+ self.class.__vault_attributes.each do |attribute, options|
418
+ next if !attribute_changed?(attribute) && options[:default].nil?
419
+
420
+ # Get the current value of the plaintext attribute
421
+ plaintext = attributes[attribute.to_s]
422
+
423
+ __vault_write_encrypted_attribute!(plaintext, options)
424
+ end
425
+ self
426
+ end
408
427
  end
409
428
  end
410
429
  end
data/lib/vault/rails/version.rb CHANGED
@@ -3,6 +3,6 @@
3
3
 
4
4
  module Vault
5
5
  module Rails
6
- VERSION = "0.9.0"
6
+ VERSION = "0.10.0"
7
7
  end
8
8
  end
data/spec/dummy/db/development.sqlite3 CHANGED
Binary file
data/spec/dummy/db/test.sqlite3 CHANGED
Binary file