Class: Ribbon::EncryptedStore::Mixins::ActiveRecordMixin::EncryptionKey

Inherits:
ActiveRecord::Base
  • Object
show all
Defined in:
lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

._create_primary_key(dek) ⇒ Object 



62
63
64
65
66
67
68
 
# File 'lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb', line 62

def _create_primary_key(dek)
  self.new.tap { |key|
    key.dek = EncryptedStore.encrypt_key(dek, true)
    key.primary = true
    key.save!
  }
end

._get_models_with_encrypted_storeObject 



58
59
60
 
# File 'lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb', line 58

def _get_models_with_encrypted_store
  _get_table_models.select { |model| model < Mixins::ActiveRecordMixin }
end

._get_table_modelsObject 



53
54
55
56
 
# File 'lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb', line 53

def _get_table_models
  Rails.application.eager_load! if defined?(Rails) && Rails.application
  ActiveRecord::Base.descendants
end

._has_primary?Boolean

Returns:

  • (Boolean) 


49
50
51
 
# File 'lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb', line 49

def _has_primary?
  where(primary: true).exists?
end

.new_key(custom_key = nil) ⇒ Object 



16
17
18
19
20
21
22
23
 
# File 'lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb', line 16

def new_key(custom_key=nil)
  dek = custom_key || SecureRandom.random_bytes(32)

  transaction {
    _has_primary? && where(primary: true).first.update_attributes(primary: false)
    _create_primary_key(dek)
  }
end

.preload(amount) ⇒ Object

Preload the most recent ‘amount` keys.



39
40
41
42
 
# File 'lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb', line 39

def preload(amount)
  primary_encryption_key # Ensure there's at least a primary key
  order(:created_at).limit(amount)
end

.primary_encryption_keyObject 



11
12
13
14
 
# File 'lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb', line 11

def primary_encryption_key
  new_key unless _has_primary?
  where(primary: true).last || last
end

.retire_keys(key_ids = []) ⇒ Object 



25
26
27
28
29
30
31
32
33
34
35
 
# File 'lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb', line 25

def retire_keys(key_ids=[])
  pkey = primary_encryption_key

  ActiveRecordMixin.descendants.each { |model|
    records = key_ids.empty? ? model.where("encryption_key_id != ?", pkey.id)
                             : model.where("encryption_key_id IN (?)", key_ids)
    records.each { |record| record.reencrypt!(pkey) }
  }

  pkey
end

.rotate_keysObject 



44
45
46
47
 
# File 'lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb', line 44

def rotate_keys
  new_key
  retire_keys
end

Instance Method Details

#decrypted_keyObject

Class Methods



71
72
73
 
# File 'lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb', line 71

def decrypted_key
  EncryptedStore.decrypt_key(self.dek, self.primary)
end