CarrierWave Secure
Provides scalable strong encryption to CarrierWave, the classier solution for file uploads from Ruby applications.
CarrierWave Secure uses {Advanced Encryption Standard}[https://en.wikipedia.org/wiki/Advanced_Encryption_Standard] in {Galois/Counter Mode}[https://en.wikipedia.org/wiki/Galois/Counter_Mode] to give quantum-resistant protection to your application data files with great performance.
Requirements
- Ruby 2.4+ (or latest JRuby)
- CarrierWave 2.0+
- Rails 5.0+ (optional)
Installation
To install CarrierWave Secure, run:
$ gem install carrierwave-secure
If you are installing via Bundler, add it to the Gemfile:
gem 'carrierwave-secure', '~> 2.0'
Usage
The following examples use cloud storage with OpenStack Swift, but they are easily adaptable to any other storage strategy (such as local filesystem, Amazon S3, Google Cloud, Rackspace, and many others).
# See https://github.com/carrierwaveuploader/carrierwave#fog
CarrierWave.configure do |config|
  config.fog_directory = ENV['OPENSTACK_SWIFT_CONTAINER']
  config.fog_credentials = {
    provider: :openstack,
    openstack_auth_url: ENV['OPENSTACK_AUTH_URL'],
    openstack_username: ENV['OPENSTACK_USERNAME'],
    openstack_api_key: ENV['OPENSTACK_API_KEY'],
    openstack_region: ENV['OPENSTACK_REGION'],
    openstack_project_name: ENV['OPENSTACK_USERNAME'],
    openstack_domain_id: ENV['OPENSTACK_DOMAIN_ID'] || 'default'
  }
  config.secure_key = ENV['ENCRYPTION_KEY'] # base64 encoded
end

# See https://github.com/carrierwaveuploader/carrierwave#getting-started
class CloudUploader < CarrierWave::Uploader::Base
  storage :fog
end

# Decorate your uploader with strong encryption powers
uploader = CarrierWave::Secure::Uploader[CloudUploader].new

# Encrypts the file before uploading it
uploader.store!(my_file)

# Downloads the encrypted file
uploader.retrieve_from_store!(filename)

# Decrypts data locally
uploader.read
Rails
# config/initializers/carrierwave.rb
CarrierWave.configure do |config|
  # See https://github.com/carrierwaveuploader/carrierwave#fog

  # Rails >= 5.2
  config.fog_directory = Rails.application.credentials.carrierwave[:fog_directory] # container name
  config.fog_credentials = Rails.application.credentials.carrierwave[:fog_credentials] # authentication
  config.secure_key = Rails.application.credentials.carrierwave[:secure_key] # 256-bit key (base64 encoded)

  # Rails 5.1: use these lines instead of the three above
  # config.fog_directory = Rails.application.secrets.carrierwave[:fog_directory] # container name
  # config.fog_credentials = Rails.application.secrets.carrierwave[:fog_credentials] # authentication
  # config.secure_key = Rails.application.secrets.carrierwave[:secure_key] # 256-bit key (base64 encoded)
end

# app/uploaders/cloud_uploader.rb
class CloudUploader < CarrierWave::Uploader::Base
  storage :fog
end

# app/models/document.rb
class Document < ApplicationRecord
  # Set `secure` option to `true`
  mount_uploader :file, CloudUploader, secure: true
end

# Encrypts the file before uploading it
document = Document.create!(file: my_file)

# Downloads the encrypted file and decrypts data locally
document.file.read
Generating the encryption key
Keep the production encryption key safe and private!
To generate the 256-bit key, download this library's source code and run the following from its root directory:
$ gem install rake
$ rake
Copy the result and store it in a safe place.
Rails
If you're using Rails, run the following from the project's root directory:
$ rake carrierwave_secure:generate_key
We recommend that you store the encryption key using secure credentials.
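The following added example (not CarrierWave Secure's own code) shows what a base64-encoded 256-bit key is, how to validate one before use, and how AES-256-GCM rejects modified data. The helper names and the nonce || tag || ciphertext layout are assumptions of this example, not the gem's storage format.

```ruby
require 'openssl'
require 'securerandom'
require 'base64'

KEY_BYTES   = 32 # 256-bit AES key
NONCE_BYTES = 12 # 96-bit GCM nonce, must never repeat under the same key
TAG_BYTES   = 16 # 128-bit authentication tag

# Returns a fresh random 256-bit key, base64 encoded for storage in ENV or credentials.
def generate_key
  Base64.strict_encode64(SecureRandom.random_bytes(KEY_BYTES))
end

# Decodes a base64 key; rejects nil, malformed base64 and any length other than 256 bits.
def load_key(encoded)
  key = Base64.strict_decode64(encoded.to_s)
  return key if key.bytesize == KEY_BYTES
  raise ArgumentError, "expected a #{KEY_BYTES}-byte key, got #{key.bytesize} bytes"
end

# Encrypts under a fresh random nonce. Output layout (assumed for this example):
# nonce || tag || ciphertext.
def encrypt(key, plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  nonce = SecureRandom.random_bytes(NONCE_BYTES)
  cipher.iv = nonce
  cipher.auth_data = '' # no associated data
  body = plaintext.empty? ? ''.b : cipher.update(plaintext)
  ciphertext = body + cipher.final
  nonce + cipher.auth_tag(TAG_BYTES) + ciphertext
end

# Verifies the tag while decrypting; raises OpenSSL::Cipher::CipherError if the
# blob was modified or the key is wrong, so corrupted data is never returned.
def decrypt(key, blob)
  raise ArgumentError, 'blob too short' if blob.bytesize < NONCE_BYTES + TAG_BYTES
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = blob.byteslice(0, NONCE_BYTES)
  cipher.auth_tag = blob.byteslice(NONCE_BYTES, TAG_BYTES)
  cipher.auth_data = ''
  ciphertext = blob.byteslice(NONCE_BYTES + TAG_BYTES, blob.bytesize)
  ciphertext.empty? ? cipher.final : cipher.update(ciphertext) + cipher.final
end
```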
License
Licensed under {GNU Lesser General Public License v3.0}
Authors
- Felipe Batista