An ActiveStorage service option that uploads shares across one or more other storage services using Shamir Secret Sharing (via the tss-rb gem). Use it in your storage.yml file. It is not a mirror, but can be named as a storage service.
# in storage.yml
disk1:
service: Disk
root: "tmp/disk1"
disk2:
service: Disk
root: "tmp/disk2"
horcrux:
service: Horcrux
shares: 5
threshold: 3
prefix: true
services: [ disk1, disk2 ]
Configuration elements:
- service: name of the service
- shares: (integer) specified the number of shares split across services.
- threshold: (integer) specifies the minimum number of shares are needed to reconstruct the contents.
- prefix: (boolean) prefix the key with the name of the service
- services: one or more other ActiveStorage services in storage.yml
After upload, the blob key is replaced with a comma-separated list of keys for each shard. You can retrieve the blob key(s) and then replace it to hide the share keys (but remember to save them someplace!). Later, you can change the key(s) back again and download the attachment shares (using at least threshold number of keys).
Demo
Compatible with the lockbox gem. See this demo example.
Testing
% rspec
Development
Bump the version in lib/active_storage/service/version.rb and then
% bundle
% gem build activestorage-horcrux
% gem push activestorage-horcrux-0.0.x.gem
To-do/Issues
using Tempfile for passing back keys (yuck)- strip tss header to avoid correlation
- size limitations (by the tss-rb gem)
- intercept and convert TSS errors to gem-specific errors
- background storage to avoid timestamp correlation
- fix prefixing
rspec tests broken until blobstub fixed