Module: Transcryptor
- Defined in:
- lib/transcryptor.rb,
lib/transcryptor/version.rb
Overview
To use Transcryptor, here is a sample migration that showcases this:
class ReencryptUsersAndDocumentsWithNewKeys < ActiveRecord::Migration
def transcryptor
Transcryptor.init(self)
end
# +keyifier+ mirrors the functionality provided by the :key Proc in
# attr_encrypted.
# NOTE: Has to return the entire Hash.
#
def old_keyifier
-> opts {
opts[:key] = ENV['old_master_encryption_key'] + opts[:key]
opts
}
end
def new_keyifier
-> opts {
opts[:key] = ENV['new_master_encryption_key'] + opts[:key]
opts
}
end
def table_column_spec
{
users: {
id_column: :id,
columns: {
email: {
prefix: 'encrypted_',
key: :ekey,
},
birthday: {
prefix: 'encrypted_',
key: :ekey,
},
}
},
documents: {
id_column: :id,
columns: {
passphrase: {
prefix: 'encrypted_',
key: :ekey,
},
}
},
}
end
def up
transcryptor.updown_migrate(
table_column_spec,
{
algorithm: 'aes-256-cbc',
decode64_value: true,
}, {
algorithm: 'aes-256-gcm',
encode64_iv: true,
encode64_value: true,
iv: true,
},
old_keyifier,
new_keyifier,
)
end
def down
transcryptor.updown_migrate(
table_column_spec,
{
algorithm: 'aes-256-gcm',
decode64_iv: true,
decode64_value: true,
}, {
algorithm: 'aes-256-cbc',
iv: false,
salt: false,
encode64_value: true,
insecure_mode: true,
},
new_keyifier,
old_keyifier,
)
end
Defined Under Namespace
Classes: Instance
Constant Summary collapse
- VERSION =
"0.1.0"
Class Method Summary collapse
-
.init(migration_instance = Kernel.caller) ⇒ Object
Initialize Transcryptor instance with the migration instance.
Class Method Details
.init(migration_instance = Kernel.caller) ⇒ Object
Initialize Transcryptor instance with the migration instance. This step allows typical migration methods like #execute to be invoked from this gem.
101 102 103 |
# File 'lib/transcryptor.rb', line 101 def self.init(migration_instance = Kernel.caller) Instance.new(migration_instance) end |