pluginaweek / encrypted_attributes

Branches (1)
- master ✓
Tags (9)
- v0.4.0
- v0.3.0
- v0.2.0
- v0.1.3
- v0.1.2
- v0.1.1
- v0.1.0
- v0.0.2
- v0.0.1

Adds support for automatically encrypting ActiveRecord attributes — Read more

http://www.pluginaweek.org

This URL has Read+Write access

Add gemspec

obrie (author)

Mon Jun 08 19:31:58 -0700 2009

commit 929ae96129658de178fb0a6de4e691ebb9479a6d
tree e1d9150c6c411d73f1d6fa56b95fdecc3737fcc1
parent f88e9f90b473e0191b2d0fe7fb26710b924161b1

encrypted_attributes /

	name	age	history message
	.gitignore		Loading commit data...
	CHANGELOG.rdoc
	LICENSE
	README.rdoc
	Rakefile
	encrypted_attributes.gemspec
	init.rb
	lib/
	test/

README.rdoc

encrypted_attributes

encrypted_attributes adds support for automatically encrypting ActiveRecord attributes.

Resources

API

api.pluginaweek.org/encrypted_attributes

Bugs

pluginaweek.lighthouseapp.com/projects/13269-encrypted_attributes

Development

github.com/pluginaweek/encrypted_attributes

Source

git://github.com/pluginaweek/encrypted_attributes.git

Description

Encrypting attributes can be repetitive especially when doing so throughout various models and various projects. encrypted_attributes, in association with the encrypted_strings library, helps make encrypting ActiveRecord attributes easier by automating the process.

The options that encrypts takes includes all of the encryption options for the specific type of cipher being used from the encrypted_strings library. Therefore, if setting the key for asymmetric encryption, this would be passed into the encrypts method. Examples of this are show in the Usage section.

Usage

Encryption Modes

SHA, symmetric, and asymmetric encryption modes are supported (default is SHA):

  class User < ActiveRecord::Base
    encrypts :password, :salt => 'secret'
    # encrypts :password, :mode => :symmetric, :password => 'secret'
    # encrypts :password, :mode => :asymmetric, :public_key_file => '/keys/public', :private_key_file => '/keys/private'
  end

Dynamic Configuration

The encryption configuration can be dynamically set like so:

  class User < ActiveRecord::Base
    encrypts :password, :mode => :sha do |user|
      {:salt => "#{user.login}-#{Time.now}", :embed_salt => true}
    end
  end

In this case, the salt and password values are combined and stored in the attribute being encrypted. Therefore, there’s no need to add a second column for storing the salt value.

To store the dynamic salt in a separate column:

  class User < ActiveRecord::Base
    encrypts :password, :mode => :sha, :before => :create_salt do |user|
      {:salt => user.salt}
    end

    def create_salt
      self.salt = "#{login}-#{Time.now}"
    end
  end

Targeted Encryption

If you want to store the encrypted value in a different attribute than the attribute being encrypted:

  class User < ActiveRecord::Base
    encrypts :password, :to => :crypted_password
  end

Conditional Encryption

Like ActiveRecord validations, encrypts can take :if and :unless parameters that determine whether the encryption should occur. For example,

  class User < ActiveRecord::Base
    encrypts :password, :if => lambda {Rails.env != 'development'}
  end

Additional information

For more examples of actual migrations and models that encrypt attributes, see the actual API and unit tests. Also, see encrypted_strings for more information about the various options that can be passed in.

Testing

Before you can run any tests, the following gem must be installed:

plugin_test_helper

To run against a specific version of Rails:

  rake test RAILS_FRAMEWORK_ROOT=/path/to/rails

Dependencies

Rails 2.1 or later
encrypted_strings