module Sequel::Plugins::Vault::ClassMethods

@!attribute [r] vault_attrs

@return [Array<Symbol>] array of all attributes to be encrypted

@!attribute [r] vault_keys

@return [Array<String>] array of all keys to be used.

Attributes

vault_attrs[R]
vault_keys[R]

Public Instance Methods

decrypt(keys, cypher) click to toggle source

Returns the decryped version of encrypted text.

@param [Array<String>] keys to be used @param [String] cypher text @return [String] plain version of the cypher text

# File lib/sequel_vault.rb, line 70
def decrypt(keys, cypher)
  keys.each do |key|
    verifier = ::Fernet.verifier(key, cypher, enforce_ttl: false)
    next unless verifier.valid?
    return verifier.message
  end
  cypher # Return cypher has it's probably just plain text
end
digest(keys, plain) click to toggle source

Returns the HMAC digest of plain text.

@param [Array<String>] keys to be used @param [String] plain text @return [String] HMAC digest of the plain text

# File lib/sequel_vault.rb, line 52
def digest(keys, plain)
  OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha512'), Array(keys).last, plain)
end
encrypt(keys, plain) click to toggle source

Returns the encrypted version of plain text.

@param [Array<String>] keys to be used @param [String] plain text @return [String] encrypted version of the plain text

# File lib/sequel_vault.rb, line 61
def encrypt(keys, plain)
  ::Fernet.generate(keys.last, plain)
end
vault_attributes(keys, *attributes) click to toggle source

Setup vault with the given keys for the given attributes.

@param [Array<String>] keys to be used @param [Array<Symbol>] attributes that will be encrypted

# File lib/sequel_vault.rb, line 32
def vault_attributes(keys, *attributes)
  raise(Error, 'must provide both keys name and attrs when setting up vault') unless keys && attributes
  @vault_keys = keys
  @vault_attrs = attributes

  self.class.instance_eval do
    attributes.each do |attr|
      define_method("#{attr}_lookup") do |plain|
        digests = keys.map { |key| Sequel.blob(digest(key, plain)) }
        where("#{attr}_digest": digests).first
      end
    end
  end
end