class Ribbon::EncryptedStore::Mixins::ActiveRecordMixin::EncryptionKey

Public Class Methods

_create_primary_key(dek) click to toggle source
# File lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb, line 62
def _create_primary_key(dek)
  self.new.tap { |key|
    key.dek = EncryptedStore.encrypt_key(dek, true)
    key.primary = true
    key.save!
  }
end
_get_models_with_encrypted_store() click to toggle source
# File lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb, line 58
def _get_models_with_encrypted_store
  _get_table_models.select { |model| model < Mixins::ActiveRecordMixin }
end
_get_table_models() click to toggle source
# File lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb, line 53
def _get_table_models
  Rails.application.eager_load! if defined?(Rails) && Rails.application
  ActiveRecord::Base.descendants
end
_has_primary?() click to toggle source
# File lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb, line 49
def _has_primary?
  where(primary: true).exists?
end
new_key(custom_key=nil) click to toggle source
# File lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb, line 16
def new_key(custom_key=nil)
  dek = custom_key || SecureRandom.random_bytes(32)

  transaction {
    _has_primary? && where(primary: true).first.update_attributes(primary: false)
    _create_primary_key(dek)
  }
end
preload(amount) click to toggle source

Preload the most recent ‘amount` keys.

# File lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb, line 39
def preload(amount)
  primary_encryption_key # Ensure there's at least a primary key
  order(:created_at).limit(amount)
end
primary_encryption_key() click to toggle source
# File lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb, line 11
def primary_encryption_key
  new_key unless _has_primary?
  where(primary: true).last || last
end
retire_keys(key_ids=[]) click to toggle source
# File lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb, line 25
def retire_keys(key_ids=[])
  pkey = primary_encryption_key

  ActiveRecordMixin.descendants.each { |model|
    records = key_ids.empty? ? model.where("encryption_key_id != ?", pkey.id)
                             : model.where("encryption_key_id IN (?)", key_ids)
    records.each { |record| record.reencrypt!(pkey) }
  }

  pkey
end
rotate_keys() click to toggle source
# File lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb, line 44
def rotate_keys
  new_key
  retire_keys
end

Public Instance Methods

decrypted_key() click to toggle source
# File lib/ribbon/encrypted_store/mixins/active_record_mixin/encryption_key.rb, line 71
def decrypted_key
  EncryptedStore.decrypt_key(self.dek, self.primary)
end