module Transcryptor
To use Transcryptor, here is a sample migration that showcases this:
class ReencryptUsersAndDocumentsWithNewKeys < ActiveRecord::Migration
def transcryptor Transcryptor.init(self) end # +keyifier+ mirrors the functionality provided by the :key Proc in # attr_encrypted. # NOTE: Has to return the entire Hash. # def old_keyifier -> opts { opts[:key] = ENV['old_master_encryption_key'] + opts[:key] opts } end def new_keyifier -> opts { opts[:key] = ENV['new_master_encryption_key'] + opts[:key] opts } end def table_column_spec { users: { id_column: :id, columns: { email: { prefix: 'encrypted_', key: :ekey, }, birthday: { prefix: 'encrypted_', key: :ekey, }, } }, documents: { id_column: :id, columns: { passphrase: { prefix: 'encrypted_', key: :ekey, }, } }, } end def up transcryptor.updown_migrate( table_column_spec, { algorithm: 'aes-256-cbc', decode64_value: true, }, { algorithm: 'aes-256-gcm', encode64_iv: true, encode64_value: true, iv: true, }, old_keyifier, new_keyifier, ) end def down transcryptor.updown_migrate( table_column_spec, { algorithm: 'aes-256-gcm', decode64_iv: true, decode64_value: true, }, { algorithm: 'aes-256-cbc', iv: false, salt: false, encode64_value: true, insecure_mode: true, }, new_keyifier, old_keyifier, ) end
Constants
- VERSION
Public Class Methods
init(migration_instance = Kernel.caller)
click to toggle source
Initialize Transcryptor instance with the migration instance. This step allows typical migration methods like execute to be invoked from this gem.
# File lib/transcryptor.rb, line 101 def self.init(migration_instance = Kernel.caller) Instance.new(migration_instance) end