pluginaweek / encrypted_attributes
watch download tarball
public
Forks1Right
Watchers9Right
Description: Adds support for automatically encrypting ActiveRecord attributes
Homepage: http://www.pluginaweek.org
Clone URL: git://github.com/pluginaweek/encrypted_attributes.git
name age
history
message
file .gitignore Fri Jul 04 15:48:35 -0700 2008 Ignore test/app_root/script [obrie]
file CHANGELOG.rdoc Loading commit data...
file LICENSE Wed Jun 25 20:23:38 -0700 2008 Rename MIT-LICENSE to LICENSE [obrie]
file README.rdoc
file Rakefile
file init.rb Tue Nov 07 07:58:36 -0800 2006 Initial revision. [obrie]
directory lib/
directory test/
README.rdoc

encrypted_attributes

encrypted_attributes adds support for automatically encrypting ActiveRecord attributes.

Resources

API

Bugs

Development

Source

  • git://github.com/pluginaweek/encrypted_attributes.git

Description

Encrypting attributes can be repetitive especially when doing so throughout various models and various projects. encrypted_attributes, in association with the encrypted_strings plugin, helps make encrypting ActiveRecord attributes easier by automating the process.

The options that encrypts takes includes all of the encryption options for the specific type of cipher being used from the encrypted_strings library. Therefore, if setting the key for asymmetric encryption, this would be passed into the encrypts method. Examples of this are show in the Usage section.

Usage

SHA Encryption

For SHA encryption, you can either use the default salt, a custom salt, or generate one based on the attributes of the model.

With the default salt: 

  class User < ActiveRecord::Base
    encrypts :password
  end

With a custom salt based on the record’s values: 

  class User < ActiveRecord::Base
    encrypts :password, :salt => :create_salt

    private
      def create_salt
        "#{login}_salt"
      end
  end

The salt and password values are combined and stored in the attribute being encrypted. Therefore, there’s no need to add a second column for storing the salt value.

Symmetric Encryption

  class User < ActiveRecord::Base
    encrypts :password, :mode => :symmetric, :password => 'secret'
  end

Asymmetric Encryption

  class User < ActiveRecord::Base
    encrypts :password, :mode => :asymmetric, :public_key_file => '/keys/public', :private_key_file => '/keys/private'
  end

Targeted Encryption

If you want to store the encrypted value in a different attribute than the attribute being encrypted, you can do so like so: 

  class User < ActiveRecord::Base
    encrypts :password, :to => :crypted_password
  end

Conditional Encryption

Like ActiveRecord validations, encrypts can take :if and :unless parameters that determine whether the encryption should occur. For example, 

  class User < ActiveRecord::Base
    encrypts :password, :if => lambda {Rails.env != 'development'}
  end

Additional information

For more examples of actual migrations and models that encrypt attributes, see the actual API and unit tests. Also, see encrypted_strings for more information about the various options that can be passed in.

Testing

Before you can run any tests, the following gem must be installed:

To run against a specific version of Rails: 

  rake test RAILS_FRAMEWORK_ROOT=/path/to/rails

Dependencies