Rahasia
WARNING
this gem is alpha version. Do not use on production. Currently support String type and ActiveRecord.
Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file lib/rahasia
. To experiment with that code, run bin/console
for an interactive prompt.
This Gem is wrapper for Lockbox, Vault and Vault Transit.
This gem wraps the endpoints for HashiCorp's Vault Transit secret backend. It is dependent upon the vault gem. This gem has patterns and code copied from HashiCorp's vault-ruby gem. Use this gem when you simply want to use the Transit secret backend and you don't need the Rails integration.
TODO: Delete this and the text above, and describe your gem
Installation
Add this line to your application's Gemfile:
gem 'rahasia'
And then execute:
$ bundle
Or install it yourself as:
$ gem install rahasia
Usage
Install Library Rahasia using Rails generator
rails generate rahasia:install
# config/initializer/rahasia.rb
# frozen_string_literal: true
Rahasia.setup do |config|
config.master_key = 'please-change-me-at-config-initializers-rahasia' # SecureRandom.hex(32)
config.adapter = 'lockbox' # available ['vault','lockbox']
config.vault_app = 'qontak'
config.vault = {address: 'http://localhost', ssl_verify: false, token: 'token'}
end
Create Migration to add encrypted_column
rails generate rahasia:migration credentials token
It will generate column token
and token_encrypted
. Please comment the token
if your column already exists.
class RahasiaCredentialstokenUserId < ActiveRecord::Migration
def change
add_column :credentials, :token, :string
add_column :credentials, :token_encrypted, :text
end
end
Run Migration on Rails
bundle exec rake db:migrate
ig or for Rails 5 above
bundle exec rails db:migrate
Model
# app/model/credential.rb
class Credential < ActiveRecord::Base
include Rahasia
enrcypt_column :token, type: :string
end
Lockbox
Configuration :
Rahasia.setup do |config|
config.master_key = 'please-change-me-at-config-initializers-rahasia'
config.adapter = 'lockbox'
end
Save encryptrion
credential = Credential.new(token: 'ThisIsMyToken!')
credential.save
credential.token
# ThisIsMyToken!
On the database save
credential.token
# Actual Record on Database:
# '--encrypted:29bb68380340aa4be790438e83400c30---'
# Show on irb:
# ThisIsMyToken!
credential.token_encrypted
# 7GifGwD7+Ls23FX8jyvt5JLWySPGd3300axNyc325sh/
Vault
Rahasia.setup do |config|
config.adapter = 'vault'
config.vault_app = 'qontak'
config.vault = {address: 'http://localhost', ssl_verify: false, token: 'token'}
end
Save encryptrion
credential = Credential.new(token: 'ThisIsMyToken!')
credential.save
credential.token
# ThisIsMyToken!
On the database save
credential.token
# Actual Record on Database:
# '--encrypted:49bb68380340a23be790438e83400c29---'
# Show on irb:
# ThisIsMyToken!
credential.token_encrypted
# Actual Record on Database:
# 'vault:v1:ex/xISRe7exDqeHkIPfTeUmGusyVI/szlwRk83wGyLidc9oO+om2fp6a'
Development
After checking out the repo, run bin/setup
to install dependencies. Then, run rake spec
to run the tests. You can also run bin/console
for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install
. To release a new version, update the version number in version.rb
, and then run bundle exec rake release
, which will create a git tag for the version, push git commits and tags, and push the .gem
file to rubygems.org.
Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/qontak-dev/rahasia. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.
TODO:
- Create Travis for Rails 4, 5, 6
- Create Travis for Ruby 2.1.0, 2.2.0, 2.3.8, 2.4.5, 2.5.3, 2.6.2
- Create test for generate installer
- Create test for generate migration
License
The gem is available as open source under the terms of the MIT License.
Code of Conduct
Everyone interacting in the Rahasia project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.