Skip to content
/ secure_attribute Public

Encrypt attributes of any Ruby object or ActiveRecord model.

License

MIT license
10 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

BaseSecrete/secure_attribute

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
lib
lib
 
 
test
test
 
 
.gitignore
.gitignore
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
secure_attribute.gemspec
secure_attribute.gemspec
 
 

Repository files navigation

Secure Attribute

Secure Attribute is a ruby gem to encrypt attributes of any Ruby object or ActiveRecord model. It is made to protect sensitive data, such as API secrets, OAuth tokens or even FTP passwords.

While there are already a few encryption gems out there, Secure Attribute has no dependencies and no code constraints.

Installation

Add gem "secure_attribute" to your Gemfile and run bundle install.

Then, generate an encryption key:

SecureAttribute.export_random_key_base64("AES-256-CBC")

The key is encoded in base 64 to make it more convenient to store it in an environment variable. Make sure you do not lose your encryption key or you won't be able to decrypt any data.

Usage

For the examples bellow we assume the key is stored in the environment variable SECURE_ATTRIBUTE_KEY.

There are 2 ways to use it:

  • You can call the helper method attr_secure which creates the relevant attribute accessors if missing, or surrounds them with the encryption mechanism.
class User < ActiveRecord::Base
  include SecureAttribute
  attr_secure :oauth_secret, algorithm: "AES-256-CBC", key: Base64.decode64(ENV["SECURE_ATTRIBUTE_KEY"])
end

user = User.new(oauth_secret: "test")
user.attributes[:oauth_secret] # => "$AES-256-CBC$c+qXJa1f3dd8y26rjAvGNQ==$fhMvLkC7g+gaw5pxqpkFlQ=="
user.oauth_secret # => "test"
  • If your prefer to control manually the encryption stuff, or if the surrounding attribute accessors mess up with your code, you can do it like this:
class User
  def oauth_secret=(value)
    @oauth_secret = value ? SecureAttribute.encipher("AES-256-CBC", value, ENV["SECURE_ATTRIBUTE_KEY"]) : nil
  end

  def oauth_secret
    SecureAttribute.decipher(@oauth_secret, ENV["SECURE_ATTRIBUTE_KEY"]) if @oauth_secret
  end
end

Storage format

In addition to the data, Secure Attribute stores the encryption algorithm and the initialisation vector into a format inspired by Bcrypt:

$algorithm$iv$encrypted_data

This has 2 benefits:

  • You don't need an extra column in your database to store the initialisation vector.
  • It gives you more flexibility in the future to switch to another encryption algorithm.

MIT License

Made by Base Secrète.

Rails developer? Check out RoRvsWild, our Ruby on Rails application monitoring tool.

About

Encrypt attributes of any Ruby object or ActiveRecord model.

Topics

ruby encryption ruby-on-rails

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

10 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages