teak-attr_encrypted provides a DSL to transparently encrypt and decrypt attributes on any class, with the primary usecase intended to be with ORM models.
Quickstart:
require 'openssl'
require 'teak/attr_encrypted/kek_provider/aes'
# NOTE: The AES provider is only intended for dev and local use. Its security for
# production usage has not been considered or evaluated.
# TODO: Use the same master key on every run ;)
master_key = OpenSSL::Cipher.new('aes-256-gcm').encrypt.random_key
Teak::AttrEncrypted.default_kek_provider = Teak::AttrEncrypted::KEKProvider::AES.new(master_key)
class MyEncryptedClass
include Teak::AttrEncrypted
attr_encrypted :sooper_secret
private
# By default attr_encrypted will read and write ciphertext from
# "#{attribute_name}_enc". This can be customized with the
# `ciphertext_attr_name:` keyword argument
attr_accessor :sooper_secret_enc
end
instance = MyEncryptedClass.new
# Sets instance.sooper_secret_enc to a ciphertext blob
instance.sooper_secret = 'keep it safe'
# Decrypts sooper_secret_enc to its original value
puts instance.sooper_secret
Add this line to your application's Gemfile:
gem 'teak-attr_encrypted'
And then execute:
$ bundle install
Or install it yourself as:
$ gem install teak-attr_encrypted
In production the Teak::AttrEncrypted.default_kek_provider should be set to an instance of Teak::AttrEncrypted::KEKProvider::AwsKMS. The AwsKMS provider will use the given AWS KMS key to generate and decrypt data keys for locally applied envelope encryption.
It's highly recommended that you provide a context: parameter when using attr_encrypted. This may be a symbol, which will attempt to invoke the named method on the object, a proc, which will be evaluated in the context of the object, or another value which will be used as is. The context parameter will be used as additional authenticated data and must match on both encryption (write) and decryption (read) operations.
After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.
Bug reports and pull requests are welcome on GitHub at https://github.com/GoCarrot/teak-attr_encrypted.
FAQs
Unknown package
We found that teak-attr_encrypted demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.