voynich 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 509ed50db8b90719408efd476aee02ea1fd76027
+  data.tar.gz: 06abb19e5e8d27374140e7d3fc8c9971f8f47d8f
+SHA512:
+  metadata.gz: b94f26b7e69829f516ad7c580addadb2e536ca785263dc094c3eac83174f25765ec0d4f177bbb4b679e5b2f7f08a4f654a4f9e7babbab95aaec760d7836993ce
+  data.tar.gz: 9d393b53a46256eb334d39a2dd23f45f7e9787770c664ba2497dfd8e5b143d47f138151ae7a60413b495d0f274b46ae47b6f8e35c10fce0771cb81f00a50057b

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,13 @@
+language: ruby
+before_install: gem install bundler -v 1.10.6
+sudo: false
+cache:
+  bundler: true
+rvm:
+- 2.2
+- 2.3.0
+script:
+- bundle exec rspec
+notifications:
+  slack:
+    secure: R7BJ/vBOyKyqZrR999aArVourPQRixkA7CjUTl27hC4aZyO/XXwImcNovn+P+1d/R6mJ7yPBV4sTchga+AEhieNlOp/v2vBuQUi44li7GgIU5s/tgah+hgXpmgZE84cP0XcdubAMR7467YHlU/XvpCjtvVYFt1wAaVKGmftum1YP84GVOKnd4b1qFncJp4IIJDlMWOe8BxWWTkThWEhaYT+hGEO/mfGTNZiawHlsMFFedxZaXLqh2QVNeulfYYNhcyOdHDF0E8WBwvYOk/NyfW/prISPA64CJAAgglnQzXUdzhDJobbDcsl0c07J/7P+SDXhxzielPia0pV7IP+1htQs2OxKGdYuxF6hXr0VbWnBXP1vKP0yaxdaoI6mZG5Fm7m+D5IFbBlRvgZjd15IO3ThdykFbse9wRva5OSNcEB4HbqwsuqvojnqkgyJaHxQ29KucuFdHFfONdFZsCYezsNR9aPhA3jRbrGmY/vFY6mwcTmBi+p7+63xhPRXpuPTv+CKhoO0ZRN/w2avC2+jsFZDjR7o50QcFgPvYs6m0fENfvh03ubjMyKcS2y7A5gwpypzC9lkagkI8sE4Wna1iZnknHG5nBCkSPtd7/MGC7G0aiyikHlXf/4S/j0D9k9Pr0t+8ojnQWM0nfawoNpqBjwTpB561debYplpYlp/T4I=

data/Gemfile

@@ -0,0 +1,8 @@
+source 'https://rubygems.org'
+
+group :test do
+  gem "sqlite3"
+  gem 'database_cleaner'
+end
+# Specify your gem's dependencies in voynich.gemspec
+gemspec

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2016 Kazunori Kajihiro
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,94 @@
+# Voynich
+
+Voynich is a secret storage library for Ruby on Rails backed by Amazon Key Management Service (KMS)
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'voynich', github: 'degica/voynich'
+```
+
+And then execute:
+
+    $ bundle
+    
+### Generate Migration File
+
+    $ rails g voynich:active_record
+    $ rake db:migrate
+    
+## Configuration
+
+Add this code to your initializer
+
+```ruby
+Voynich.configure(
+  aws_access_key_id: 'aakid',
+  aws_secret_access_key: 'asak',
+  kms_cmk_id: 'cmk_id',
+  aws_region: 'us-east-1'
+)
+```
+
+## Usage
+
+Voynich provides 2 types of interfaces.
+
+### Storage interface
+
+`Storage` provides generic accessors for encrypted attributes.
+
+```ruby
+## Create new encrypted data
+### `create` method creates a new data key using KMS API and save the encrypted version of the key,
+### then encrypt the plain value passed as an argument, save it, and return the UUID of the saved value
+uuid = Voynich::Storage.new.create({credit_card: {number: "411111111111"}})
+# => "131cd6e8-03da-48f7-bf99-672429c94e3f"
+
+## Get decrypted data
+### decrypting can be done by passing the UUID to `decrypt` method
+data = Voynich::Storage.new.decrypt(uuid)
+# => {credit_card: {number: "411111111111"}}
+```
+
+### ActiveModel integration
+
+If you use Voynich with ActiveRecord models, you can use `Voynich::ActiveModel::Model` module to integrate your model with Voynich tables. 
+
+To use the module, run the following command. It will generate a migration file and add some lines to your model file.
+
+    $ rails g voynich:model_attribute YourModel model_attribute
+    
+Now the attribute is managed by Voynich
+
+```ruby
+model = YourModel.new
+# You can assign any type of data
+model.secret_data = {card_number: '1234567890123456'}
+
+# when the model is saved, encrypted data and key is created
+model.save
+
+# You can see the UUID of the voynich data is assigned
+model.voynich_secret_data_value
+# => #<Voynich::ActiveRecord::Value id: 1, data_key_id: 1, uuid: "...", ciphertext: "{\"c\":\"chD9hCWePs+Cqg...">
+
+# You can get decrypted data just like a normal attribute
+model.secret_data # => {card_number: '1234567890123456'}
+```
+
+## TODO
+
+- [ ] Data key rotation
+- [ ] Path based tree structure
+- [ ] S3 adapter
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/degica/voynich.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "voynich"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/generators/voynich/active_record_generator.rb

@@ -0,0 +1,18 @@
+require "rails/generators/migration"
+require "rails/generators/active_record"
+
+module Voynich
+  class ActiveRecordGenerator < Rails::Generators::Base
+    include Rails::Generators::Migration
+
+    source_paths << File.join(File.dirname(__FILE__), "templates")
+
+    def create_migration_file
+      migration_template "migration.rb", "db/migrate/create_voynich_tables.rb"
+    end
+
+    def self.next_migration_number(dirname)
+      ::ActiveRecord::Generators::Base.next_migration_number dirname
+    end
+  end
+end

data/lib/generators/voynich/model_attribute_generator.rb

@@ -0,0 +1,33 @@
+require "rails/generators/migration"
+require "rails/generators/active_record"
+
+module Voynich
+  class ModelAttributeGenerator < Rails::Generators::Base
+    argument :model_class_name, type: :string
+    argument :attribute_name, type: :string
+
+    def include_module
+      inject_into_file(model_file_path, after: %r{class\s+#{model_class_name}\s+<\s+ActiveRecord::Base\n}) do <<-'RUBY'
+  include Voynich::ActiveModel::Model
+RUBY
+      end
+    end
+
+    def add_voynich_attribute
+      inject_into_file(model_file_path, after: "include Voynich::ActiveModel::Model\n",) do <<-RUBY
+  voynich_attribute :#{attribute_name}
+RUBY
+      end
+    end
+
+    def generate_migration
+      generate "migration", "AddVoynich#{attribute_name.classify}ValueIdTo#{model_class_name.pluralize} voynich_#{attribute_name}_value_id:integer"
+    end
+
+    private
+
+    def model_file_path
+      File.join("app", "models", "#{model_class_name.underscore}.rb")
+    end
+  end
+end

data/lib/generators/voynich/templates/migration.rb

@@ -0,0 +1,18 @@
+class CreateVoynichTables < ActiveRecord::Migration
+  def change
+    create_table(:voynich_data_keys) do |t|
+      t.string :name, null: false
+      t.string :cmk_id, null: false
+      t.text :ciphertext, null: false
+    end
+
+    create_table(:voynich_values) do |t|
+      t.references :data_key, index: true, null: false
+      t.string :uuid, null: false
+      t.text :ciphertext, null: false
+    end
+
+    add_index :voynich_data_keys, :name, unique: true
+    add_index :voynich_values, :uuid, unique: true
+  end
+end

data/lib/voynich/active_model/model.rb

@@ -0,0 +1,84 @@
+require 'active_support/concern'
+
+module Voynich
+  module ActiveModel
+    module Model
+      extend ActiveSupport::Concern
+
+      included do
+        delegate :voynich_targets, to: :class
+        delegate :voynich_column_name, to: :class
+        before_save :voynich_store_attributes
+      end
+
+      def voynich_context(name)
+        context_proc = voynich_targets[name.to_sym][:context]
+        if context_proc
+          context_proc.call(self)
+        else
+          {}
+        end
+      end
+
+      def voynich_store_attributes
+        voynich_targets.each do |name, options|
+          iv = instance_variable_get(:"@#{name}")
+          next if iv.nil?
+
+          column_name = voynich_column_name(name)
+          value = send(column_name) || send("build_#{column_name}")
+          value.context = voynich_context(name)
+          value.plain_value = iv
+          value.save!
+        end
+      end
+
+      VOYNICH_DEFAULT_OPTIONS = {
+        column_prefix: 'voynich_',
+        column_suffix: '_value',
+        context: nil
+      }
+
+      module ClassMethods
+        def voynich_targets
+          @voynich_targets ||= {}
+        end
+
+        def voynich_column_name(name)
+          options = voynich_targets[name.to_sym]
+          "#{options[:column_prefix]}#{name}#{options[:column_suffix]}"
+        end
+
+        def voynich_attribute(name, options = {})
+          options = VOYNICH_DEFAULT_OPTIONS.merge(options)
+          voynich_targets[name.to_sym] = options
+          asoc_options = options.
+                         merge(class_name: "::Voynich::ActiveRecord::Value").
+                         reject{|k| VOYNICH_DEFAULT_OPTIONS.keys.include? k}
+
+          belongs_to :"#{voynich_column_name(name)}", asoc_options
+
+          private :"#{voynich_column_name(name)}="
+
+          define_method(name) do
+            value = send(voynich_column_name(name))
+            iv = instance_variable_get(:"@#{name}")
+            return iv unless iv.nil?
+            return nil if value.nil?
+            value.context = voynich_context(name)
+            instance_variable_set(:"@#{name}", value.decrypt)
+          end
+
+          define_method("#{name}=") do |val|
+            instance_variable_set(:"@#{name}", val)
+          end
+
+          define_method("#{name}?") do
+            value = send(name)
+            value.respond_to?(:empty?) ? !value.empty? : !!value
+          end
+        end
+      end
+    end
+  end
+end

data/lib/voynich/active_record/models/data_key.rb

@@ -0,0 +1,51 @@
+module Voynich
+  module ActiveRecord
+    class DataKey < ::ActiveRecord::Base
+      self.table_name_prefix = 'voynich_'
+
+      attr_writer :plaintext
+
+      has_many :values, class_name: "Voynich::ActiveRecord::Value", dependent: :destroy
+
+      validates :name, presence: true, uniqueness: true
+      validates :cmk_id, presence: true
+      validates :ciphertext, presence: true
+
+      before_validation :generate_data_key, if: -> (m) { m.ciphertext.nil? }
+
+      def reencrypt!
+        result = client.reencrypt(ciphertext)
+        self.ciphertext = result.ciphertext
+        save!
+      end
+
+      def plaintext
+        return @plaintext unless @plaintext.nil?
+        if ciphertext.nil?
+          generate_data_key
+        else
+          decrypt_data_key
+        end
+        @plaintext
+      end
+
+      private
+
+      def client
+        KMSDataKeyClient.new(cmk_id)
+      end
+
+      def generate_data_key
+        result = client.generate
+        self.ciphertext = result.ciphertext
+        self.plaintext  = result.plaintext
+      end
+
+      def decrypt_data_key
+        result = client.decrypt(ciphertext)
+        self.ciphertext = result.ciphertext
+        self.plaintext  = result.plaintext
+      end
+    end
+  end
+end

data/lib/voynich/active_record/models/value.rb

@@ -0,0 +1,56 @@
+require 'securerandom'
+
+module Voynich
+  module ActiveRecord
+    class Value < ::ActiveRecord::Base
+      self.table_name_prefix = 'voynich_'
+
+      attr_accessor :plain_value, :context
+
+      belongs_to :data_key, required: true, class_name: "Voynich::ActiveRecord::DataKey"
+
+      validates :uuid, presence: true, uniqueness: true
+      validates :ciphertext, presence: true
+
+      before_validation :generate_uuid, on: :create
+      before_validation :find_or_create_data_key
+      before_validation :encrypt
+
+      def decrypt
+        encrypted_data = JSON.parse(self.ciphertext, symbolize_names: true)
+        @plain_value = AES.new(data_key.plaintext, (context || {}).to_json).decrypt(
+          encrypted_data[:c],
+          iv: encrypted_data[:iv],
+          tag: encrypted_data[:t]
+        )
+      end
+
+      def encrypt
+        return if plain_value.nil?
+        encrypted = AES.new(data_key.plaintext, (context || {}).to_json).encrypt(plain_value)
+        self.ciphertext = {
+          c:  encrypted[:content],
+          t:  encrypted[:tag],
+          iv: encrypted[:iv],
+          ad: encrypted[:auth_data]
+        }.to_json
+      end
+
+      private
+
+      def find_or_create_data_key
+        if data_key.nil?
+          self.data_key = DataKey.find_or_create_by!(name: random_key_name, cmk_id: Voynich.kms_cmk_id)
+        end
+      end
+
+      def random_key_name
+        "auto:#{Random.rand(Voynich.auto_data_key_count)}"
+      end
+
+      def generate_uuid
+        self.uuid ||= SecureRandom.uuid
+      end
+    end
+  end
+end

data/lib/voynich/active_record.rb

@@ -0,0 +1,8 @@
+require 'active_record'
+require 'voynich/active_record/models/data_key'
+require 'voynich/active_record/models/value'
+
+module Voynich
+  module ActiveRecord
+  end
+end

data/lib/voynich/aes.rb

@@ -0,0 +1,51 @@
+require 'yaml'
+require 'base64'
+
+module Voynich
+  class AES
+    AUTH_TAG_BITS = 128
+    CIPHER_MODE = 'aes-256-gcm'
+    DEFAULT_SERIALIZER = Marshal
+
+    def initialize(secret, adata, serializer: DEFAULT_SERIALIZER)
+      @secret = secret
+      @auth_data = adata
+      @serializer = serializer
+    end
+
+    def encrypt(plaintext)
+      cipher = OpenSSL::Cipher.new(CIPHER_MODE)
+      cipher.encrypt
+      cipher.key = @secret
+      iv = cipher.random_iv
+      cipher.auth_data = @auth_data
+      encrypted_data = cipher.update(serialize(plaintext)) + cipher.final
+      tag = cipher.auth_tag(AUTH_TAG_BITS / 8)
+      {
+        content: Base64.strict_encode64(encrypted_data),
+        tag:     Base64.strict_encode64(tag),
+        iv:      Base64.strict_encode64(iv),
+        auth_data: @auth_data
+      }
+    end
+
+    def decrypt(content, iv:, tag:)
+      cipher = OpenSSL::Cipher.new(CIPHER_MODE)
+      cipher.decrypt
+      cipher.key = @secret
+      cipher.iv = Base64.decode64(iv)
+      cipher.auth_tag = Base64.decode64(tag)
+      cipher.auth_data = @auth_data
+      decrypted_data = cipher.update(Base64.decode64(content)) + cipher.final
+      deserialize(decrypted_data)
+    end
+
+    def serialize(data)
+      @serializer.dump(data)
+    end
+
+    def deserialize(data)
+      @serializer.load(data)
+    end
+  end
+end

data/lib/voynich/kms_data_key_client.rb

@@ -0,0 +1,43 @@
+module Voynich
+  class KMSDataKeyClient
+    Result = Struct.new(:plaintext, :ciphertext)
+
+    attr_reader :cmk_id
+
+    def initialize(cmk_id)
+      @cmk_id = cmk_id
+    end
+
+    def decrypt(ciphertext)
+      response = kms_client.decrypt(ciphertext_blob: decode(ciphertext))
+      Result.new(encode(response.plaintext), ciphertext)
+    end
+
+    def generate
+      response = kms_client.generate_data_key(key_id: cmk_id, key_spec: 'AES_256')
+      Result.new(encode(response.plaintext), encode(response.ciphertext_blob))
+    end
+
+    def reencrypt(ciphertext)
+      response = kms_client.re_encrypt(
+        ciphertext_blob: decode(ciphertext),
+        destination_key_id: cmk_id
+      )
+      Result.new(nil, encode(response.ciphertext_blob))
+    end
+
+    private
+
+    def encode(data)
+      Base64.strict_encode64(data)
+    end
+
+    def decode(data)
+      Base64.decode64(data)
+    end
+
+    def kms_client
+      @kms_client ||= Voynich.kms_client
+    end
+  end
+end

data/lib/voynich/storage.rb

@@ -0,0 +1,34 @@
+require 'voynich'
+
+module Voynich
+  class Storage
+    def initialize
+    end
+
+    def create(plain_value, key_name: nil, context: {})
+      data_key = fetch_data_key(key_name) unless key_name.nil?
+      value = ActiveRecord::Value.create!(plain_value: plain_value, data_key: data_key, context: context)
+      value.uuid
+    end
+
+    def update(uuid, plain_value, context: {})
+      value = ActiveRecord::Value.find_by!(uuid: uuid)
+      value.plain_value = plain_value
+      value.context = context
+      value.save!
+      uuid
+    end
+
+    def decrypt(uuid, context: {})
+      value = ActiveRecord::Value.find_by!(uuid: uuid)
+      value.context = context
+      value.decrypt
+    end
+
+    private
+
+    def fetch_data_key(key_name)
+      ActiveRecord::DataKey.find_or_create_by!(name: key_name, cmk_id: Voynich.kms_cmk_id)
+    end
+  end
+end

data/lib/voynich/test_support.rb

@@ -0,0 +1,17 @@
+module Voynich
+  module TestSupport
+    module StubKMS
+      def stub_kms_request
+        allow(Voynich).to receive(:kms_client) do
+          client = Aws::KMS::Client.new(stub_responses: true)
+          client.stub_responses(:generate_data_key,
+                                plaintext: 'fourty length encoded plaintext data key',
+                                ciphertext_blob: 'generated ciphertext blob')
+          client.stub_responses(:decrypt, plaintext: 'fourty length encoded plaintext data key')
+          client.stub_responses(:re_encrypt, ciphertext_blob: 'reencrypted ciphertext blob')
+          client
+        end
+      end
+    end
+  end
+end

data/lib/voynich/version.rb

@@ -0,0 +1,3 @@
+module Voynich
+  VERSION = "0.1.0"
+end

data/lib/voynich.rb

@@ -0,0 +1,52 @@
+require "voynich/version"
+require "voynich/active_record"
+require "voynich/kms_data_key_client"
+require "voynich/active_model/model"
+require "voynich/storage"
+require "voynich/aes"
+
+require 'aws-sdk'
+require 'active_support/core_ext/module/attribute_accessors'
+
+module Voynich
+  mattr_accessor :kms_cmk_id
+  mattr_accessor :auto_data_key_count
+  mattr_accessor :aws_access_key_id
+  mattr_accessor :aws_secret_access_key
+  mattr_accessor :aws_region
+
+  DEFAULT_CONFIG = {
+    auto_data_key_max_count: 50,
+    aws_region: 'us-east-1'
+  }
+
+  def self.configure(config = {})
+    config = DEFAULT_CONFIG.merge(config)
+    self.kms_cmk_id = config[:kms_cmk_id]
+    self.auto_data_key_count = config[:auto_data_key_max_count]
+    self.aws_access_key_id = config[:aws_access_key_id]
+    self.aws_secret_access_key = config[:aws_secret_access_key]
+    self.aws_region = config[:aws_region]
+  end
+
+  def self.kms_client
+    if self.aws_access_key_id.present?
+      credentials = Aws::Credentials.new(self.aws_access_key_id, self.aws_secret_access_key)
+      Aws::KMS::Client.new(region: self.aws_region, credentials: credentials)
+    else
+      Aws::KMS::Client.new(region: self.aws_region)
+    end
+  end
+
+  # Re-encrypts all existing data keys
+  # this should be executed when KMS CMK is rotated to
+  # have the data keys encrypted by the latest CMK
+  def reencrypt_all_data_keys
+    ActiveRecord::DataKey.find_each do |data_key|
+      data_key.reencrypt!
+      sleep 0.1 # KMS limits API access up to 100 calls/sec
+    end
+  end
+
+  self.configure
+end

data/voynich.gemspec

@@ -0,0 +1,28 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'voynich/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "voynich"
+  spec.version       = Voynich::VERSION
+  spec.authors       = ["Kazunori Kajihiro"]
+  spec.email         = ["kkajihiro@degica.com"]
+
+  spec.summary       = "KMS backed secret management library"
+  spec.description   = "KMS backed secret management library."
+  spec.homepage      = "https://github.com/degica/voynich"
+  spec.licenses      = ['MIT']
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.10"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.4"
+  spec.add_dependency "aws-sdk", "~> 2.2"
+  spec.add_dependency "activesupport", "~> 4.2"
+  spec.add_dependency "activerecord", "~> 4.2"
+end

metadata

@@ -0,0 +1,151 @@
+--- !ruby/object:Gem::Specification
+name: voynich
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Kazunori Kajihiro
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2016-03-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+description: KMS backed secret management library.
+email:
+- kkajihiro@degica.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- MIT-LICENSE
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/generators/voynich/active_record_generator.rb
+- lib/generators/voynich/model_attribute_generator.rb
+- lib/generators/voynich/templates/migration.rb
+- lib/voynich.rb
+- lib/voynich/active_model/model.rb
+- lib/voynich/active_record.rb
+- lib/voynich/active_record/models/data_key.rb
+- lib/voynich/active_record/models/value.rb
+- lib/voynich/aes.rb
+- lib/voynich/kms_data_key_client.rb
+- lib/voynich/storage.rb
+- lib/voynich/test_support.rb
+- lib/voynich/version.rb
+- voynich.gemspec
+homepage: https://github.com/degica/voynich
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: KMS backed secret management library
+test_files: []