Class: EncryptedStore::ActiveRecord::EncryptionKey

Inherits:

ActiveRecord::Base

• Object
• ActiveRecord::Base
• EncryptedStore::ActiveRecord::EncryptionKey

Defined in:

lib/encrypted_store/active_record/encryption_key.rb

Class Method Summary

• ._create_primary_key(dek) ⇒ Object
• ._has_primary? ⇒ Boolean
• .new_key(custom_key = nil) ⇒ Object
• .preload(amount) ⇒ Object

  Preload the most recent ‘amount` keys.

• .primary_encryption_key ⇒ Object
• .retire_keys(key_ids = []) ⇒ Object
• .rotate_keys ⇒ Object

Instance Method Summary

• #decrypted_key ⇒ Object

  Class Methods.

Class Method Details

._create_primary_key(dek) ⇒ Object

# File 'lib/encrypted_store/active_record/encryption_key.rb', line 55

def _create_primary_key(dek)
  self.new.tap { |key|
    key.dek = EncryptedStore.encrypt_key(dek, true)
    key.primary = true
    key.save!
  }
end

._has_primary? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/encrypted_store/active_record/encryption_key.rb', line 51

def _has_primary?
  where(primary: true).exists?
end

.new_key(custom_key = nil) ⇒ Object

# File 'lib/encrypted_store/active_record/encryption_key.rb', line 15

def new_key(custom_key = nil)
  dek = custom_key || SecureRandom.random_bytes(32)

  transaction {
    _has_primary? && where(primary: true).first.update_attributes(primary: false)
    _create_primary_key(dek)
  }
end

.preload(amount) ⇒ Object

Preload the most recent ‘amount` keys.

# File 'lib/encrypted_store/active_record/encryption_key.rb', line 41

def preload(amount)
  primary_encryption_key # Ensure there's at least a primary key
  order('id DESC').limit(amount)
end

.primary_encryption_key ⇒ Object

# File 'lib/encrypted_store/active_record/encryption_key.rb', line 10

def primary_encryption_key
  new_key unless _has_primary?
  where(primary: true).last || last
end

.retire_keys(key_ids = []) ⇒ Object

# File 'lib/encrypted_store/active_record/encryption_key.rb', line 24

def retire_keys(key_ids = [])
  pkey = primary_encryption_key

  ActiveRecord::Mixin.descendants.each { |model|
    records = key_ids.empty? ? model.where("encryption_key_id != ?", pkey.id)
                             : model.where("encryption_key_id IN (?)", key_ids)

    records.find_in_batches do |batch|
      batch.each { |record| record.reencrypt(pkey) }
    end
  }

  pkey
end

.rotate_keys ⇒ Object

# File 'lib/encrypted_store/active_record/encryption_key.rb', line 46

def rotate_keys
  new_key
  retire_keys
end

Instance Method Details

#decrypted_key ⇒ Object

Class Methods

# File 'lib/encrypted_store/active_record/encryption_key.rb', line 64

def decrypted_key
  EncryptedStore.decrypt_key(self.dek, self.primary)
end