Class: SecretString

Inherits:

Object

• Object
• SecretString

Extended by:

Forwardable

Defined in:

lib/secret_string.rb,
lib/secret_string/version.rb,
lib/secret_string/core_extensions/string.rb

Overview

Protect sensitive data in Strings by erasing it from memory when not needed anymore.

Defined Under Namespace

Modules: CoreExtensions

Constant Summary

VERSION =

'1.1.2'

Class Method Summary

• .erase(secret) ⇒ Object

  Securely erase a String from memory.

• .protect(str, silenced_str: 'XXXXX') ⇒ Object

  Protect a String by giving access only to a secured version of it.

Instance Method Summary

• #erase ⇒ Object

  Erase the string.

• #initialize(str, silenced_str: 'XXXXX') ⇒ SecretString constructor

  Constructor.

• #to_unprotected ⇒ Object

  Return the unprotected String.

Constructor Details

#initialize(str, silenced_str: 'XXXXX') ⇒ SecretString

Constructor

Parameters

• str (String): The original string to protect, unfrozen

• silenced_str (String): The silenced representation of this string [default: ‘XXXXX’]

# File 'lib/secret_string.rb', line 49

def initialize(str, silenced_str: 'XXXXX')
  raise 'Can\'t silence a frozen string' if str.frozen?

  @str = str
  # Make sure we manipulate @str without cloning or modifying it from now on.
  @silenced_str = silenced_str
end

Class Method Details

.erase(secret) ⇒ Object

Securely erase a String from memory

Parameters

• secret (String): The secret to erase from memory

# File 'lib/secret_string.rb', line 14

def erase(secret)
  raise 'Can\'t erase a frozen string' if secret.frozen?

  secret_size = secret.bytesize
  io = StringIO.new("\0" * secret_size)
  io.read(secret_size, secret)
end

.protect(str, silenced_str: 'XXXXX') ⇒ Object

Protect a String by giving access only to a secured version of it. Make sure the String will be erased at the end of its access.

Parameters

• str (String): String to protect, unfrozen

• silenced_str (String): The protected representation of this string [default: ‘XXXXX’]

• Proc: Code called with the string secured

  • Parameters

    • secretstring (SecretString): The secret string

# File 'lib/secret_string.rb', line 31

def protect(str, silenced_str: 'XXXXX')
  raise 'Can\'t protect a frozen string' if str.frozen?

  begin
    secret_string = SecretString.new(str, silenced_str:)
    yield secret_string
  ensure
    secret_string.erase
  end
end

Instance Method Details

#erase ⇒ Object

Erase the string

# File 'lib/secret_string.rb', line 82

def erase
  SecretString.erase(@str)
end

#to_unprotected ⇒ Object

Return the unprotected String

Result

• String: Unprotected string

# File 'lib/secret_string.rb', line 77

def to_unprotected
  @str
end