Symmetric Encryption

Transparently encrypt ActiveRecord and Mongoid attributes. Encrypt passwords in configuration files. Encrypt entire files at rest.

Introduction

Any project that wants to meet PCI compliance has to ensure that the data is encrypted whilst in flight and at rest. Amongst many other requirements, all passwords in configuration files also have to be encrypted.

Symmetric Encryption helps achieve compliance by supporting encryption of data in a simple and consistent way.

Symmetric Encryption uses OpenSSL to encrypt and decrypt data, and can therefore expose all the encryption algorithms supported by OpenSSL.

Documentation

Symmetric Encryption Guide

Rocket Job

Check out the sister project Rocket Job: Ruby's missing batch system.

Fully supports Symmetric Encryption to encrypt data in flight and at rest while running jobs in the background.

Upgrading to Rails V7

There is a method naming conflict with Rails 7, which has its own encrypted_attributes method.

As a result the older attr_encrypted mechanism is no longer available with Rails 7. Migrate the use of attr_encrypted to attribute as described in the Frameworks Guide.

Upgrading to SymmetricEncryption V4

Version 4 of Symmetric Encryption has adopted Ruby keyword arguments on most APIs where multiple arguments are passed, or where a Hash was used before.

The encrypt and decrypt APIs now require keyword arguments for any optional arguments.

The following does not change:

encrypted = SymmetricEncryption.encrypt('Hello World')
SymmetricEncryption.decrypt(encrypted)

The following is not backward compatible:

SymmetricEncryption.encrypt('Hello World', false, false, :date)

Needs to be changed to:

SymmetricEncryption.encrypt('Hello World', random_iv: false, compress: false, type: :date)

Or, just to change the type:

SymmetricEncryption.encrypt('Hello World', type: :date)

Similarly, the decrypt API has also changed:

SymmetricEncryption.decrypt(encrypted, 2, :date)

Needs to be changed to:

SymmetricEncryption.decrypt(encrypted, version: 2, type: :date)

The Rake tasks have been replaced with a new command line interface for managing key configuration and generation. For more info:

symmetric-encryption --help

Configuration changes

In Symmetric Encryption V4 the configuration file is now modified directly instead of using templates. This change is necessary to allow the command line interface to generate new keys and automatically update the configuration file.

Please back up your existing symmetric-encryption.yml prior to upgrading if it is not already in a version control system. This is critical for configurations that have custom code or for prior configurations targeting Heroku.

In Symmetric Encryption V4 the defaults for encoding and always_add_header have changed. If these values are not explicitly set in the symmetric-encryption.yml file, set them prior to upgrading.

Prior defaults. If these are missing, set them explicitly to these values for all environments:

      encoding:          :base64
      always_add_header: false

New defaults are:

      encoding:          :base64strict
      always_add_header: true
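A pre-upgrade check for the step above, as an added example that is not part of the project's own code: it lists every cipher entry in a symmetric-encryption.yml that omits encoding or always_add_header and would therefore pick up the new V4 default. Assumptions: the file is plain YAML without ERB, environments sit at the top level, and settings appear either directly under an environment or per entry in a `ciphers` list; the sample config and the helper names are constructed for illustration.

```ruby
require 'yaml'

# Pre-V4 defaults as listed above; a cipher that omits a setting relied on them.
V3_DEFAULTS = { 'encoding' => :base64, 'always_add_header' => false }.freeze

# Constructed sample, not a real configuration (assumed layout, see lead-in).
SAMPLE_CONFIG = <<~CONFIG
  development:
    key: EXAMPLE-NOT-A-REAL-KEY
    iv: EXAMPLE-NOT-A-REAL-IV
    cipher_name: aes-128-cbc
  production:
    ciphers:
      - key_filename: /placeholder/production_v2.key
        cipher_name: aes-256-cbc
        encoding: :base64
        always_add_header: false
        version: 2
      - key_filename: /placeholder/production_v1.key
        cipher_name: aes-256-cbc
        encoding: :base64
        version: 1
CONFIG

# Returns the cipher hashes for one environment under the assumed layout.
def cipher_entries(env_config)
  return [] unless env_config.is_a?(Hash)
  env_config['ciphers'].is_a?(Array) ? env_config['ciphers'] : [env_config]
end

# Lists every absent setting that would silently switch to the V4 default.
def missing_v4_settings(yaml_text)
  # safe_load with only Symbol permitted: values such as :base64 are symbols.
  config = YAML.safe_load(yaml_text, permitted_classes: [Symbol], aliases: true) || {}
  config.flat_map do |env, env_config|
    cipher_entries(env_config).each_with_index.flat_map do |cipher, index|
      next [] unless cipher.is_a?(Hash)
      # key? rather than truthiness: an explicit `false` counts as set.
      V3_DEFAULTS.reject { |setting, _| cipher.key?(setting) }.map do |setting, old|
        { env: env, cipher: index, setting: setting, pin_to: old }
      end
    end
  end
end

# Check the file given as the first argument, or the constructed sample.
text = File.file?(ARGV[0].to_s) ? File.read(ARGV[0]) : SAMPLE_CONFIG
missing_v4_settings(text).each do |f|
  puts "#{f[:env]} cipher[#{f[:cipher]}]: add #{f[:setting]}: #{f[:pin_to].inspect}"
end
```

Pin each reported setting to the listed prior default before upgrading so that data written under the old defaults is still read with the same settings.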

Upgrading to SymmetricEncryption V3

In version 3 of SymmetricEncryption, the following changes have been made that may have backward compatibility issues:

New features in V1.1 and V2

Author

Reid Morrison

Contributors

Versioning

This project uses Semantic Versioning.

Disclaimer

Although this library has assisted in meeting PCI Compliance and has passed previous PCI audits, it in no way guarantees that PCI Compliance will be achieved by anyone using this library.