Class: SecretString

Inherits:

Object

Object
SecretString

show all

Extended by:: Forwardable

Defined in:: lib/secret_string.rb,
lib/secret_string/version.rb,
lib/secret_string/core_extensions/string.rb

Overview

Protect sensitive data in Strings by erasing it from memory when not needed anymore.

Defined Under Namespace

Modules: CoreExtensions

Constant Summary collapse

VERSION =

'1.1.0'

Class Method Summary collapse

.erase(secret) ⇒ Object

Securely erase a String from memory.
.protect(str, silenced_str: 'XXXXX') ⇒ Object

Protect a String by giving access only to a secured version of it.

Instance Method Summary collapse

#erase ⇒ Object

Erase the string.
#initialize(str, silenced_str: 'XXXXX') ⇒ SecretString constructor

Constructor.
#to_unprotected ⇒ Object

Return the unprotected String.

Constructor Details

#initialize(str, silenced_str: 'XXXXX') ⇒ `SecretString`

Constructor

Parameters

str (String): The original string to protect
silenced_str (String): The silenced representation of this string [default: ‘XXXXX’]

# File 'lib/secret_string.rb', line 43

def initialize(str, silenced_str: 'XXXXX')
  @str = str
  # Make sure we manipulate @str without cloning or modifying it from now on.
  @silenced_str = silenced_str
end

Class Method Details

.erase(secret) ⇒ `Object`

Securely erase a String from memory

Parameters

secret (String): The secret to erase from memory

# File 'lib/secret_string.rb', line 14

def erase(secret)
  secret_size = secret.bytesize
  io = StringIO.new("\0" * secret_size)
  io.read(secret_size, secret)
end

.protect(str, silenced_str: 'XXXXX') ⇒ `Object`

Protect a String by giving access only to a secured version of it. Make sure the String will be erased at the end of its access.

Parameters

str (String): String to protect
silenced_str (String): The protected representation of this string [default: ‘XXXXX’]
Proc: Code called with the string secured
- Parameters
  - secretstring (SecretString): The secret string

# File 'lib/secret_string.rb', line 29

def protect(str, silenced_str: 'XXXXX')
  secret_string = SecretString.new(str, silenced_str: silenced_str)
  yield secret_string
ensure
  secret_string.erase
end

Instance Method Details

#erase ⇒ `Object`

Erase the string



74
75
76

# File 'lib/secret_string.rb', line 74

def erase
  SecretString.erase(@str)
end

#to_unprotected ⇒ `Object`

Return the unprotected String

Result

String: Unprotected string



69
70
71

# File 'lib/secret_string.rb', line 69

def to_unprotected
  @str
end