An ActiveStorage service option that uploads shares across one or more other storage services using Shamir Secret Sharing (via the tss-rb gem). Use it in your storage.yml file. It is not a mirror, but can be named as a storage service.

# in storage.yml
disk1: 
  service: Disk
  root: "tmp/disk1"

disk2:
  service: Disk
  root: "tmp/disk2"

horcrux:
  service: Horcrux
  shares: 5
  threshold: 3
  prefix: true
  services: [ disk1, disk2 ]

• service: name of the service
• shares: (integer) specified the number of shares split across services.
• threshold: (integer) specifies the minimum number of shares are needed to reconstruct the contents.
• prefix: (boolean) prefix the key with the name of the service
• services: one or more other ActiveStorage services in storage.yml

After upload, the blob key is replaced with a comma-separated list of keys for each shard. You can retrieve the blob key(s) and then replace it to hide the share keys (but remember to save them someplace!). Later, you can change the key(s) back again and download the attachment shares (using at least threshold number of keys).

Compatible with the lockbox gem. See this demo example.

% rspec

Bump the version in lib/active_storage/service/version.rb and then

% bundle
% gem build activestorage-horcrux
% gem push activestorage-horcrux-0.0.x.gem

• using Tempfile for passing back keys (yuck)
• strip tss header to avoid correlation
• size limitations (by the tss-rb gem)
• intercept and convert TSS errors to gem-specific errors
• background storage to avoid timestamp correlation
• fix prefixing
• rspec tests broken until blobstub fixed