Mongoid::Kms

Easily encrypt your datas using AWS's KSM.

Installation

Add this line to your application's Gemfile:

gem 'mongoid-kms'

And then execute:

$ bundle

Or install it yourself as:

$ gem install mongoid-kms

Usage

Environmental variables to include:

AWS_ACCESS_KEY_ID # an IAM access key
AWS_SECRET_ACCESS_KEY # an IAM access secret

Somewhere before your run your application, you will need to add this:

require 'mongoid/kms'

Mongoid::Kms.configure({region: "us-east-1", key: "your aws kms key id i.e <02342-234-232-234-234>"})

When defining yoru classes, include Mongoid::Kms, and use the secure_field to define your fields with a required :context. Context must return a hash.

class MyClass
  include Mongoid::Document
  include Mongoid::Kms

  secure_field :secure, type: String, context: lambda { |d| {name: d.name} }
  field :unsecure

  def name
    @name ||= "me-#{Time.now.to_i}"
  end
end

Development and Testing

In development or testing, just require mongoid/kms/mock and the package will use Rot13 for encryption.