module Shamu::Security

{include:file:lib/shamu/events/README.md}

{include:file:lib/shamu/security/README.md}

Constants

ENV_PRIVATE_KEY

See {.private_key}

Public Class Methods

private_key() click to toggle source

@!attribute

A strong key used to authenticate (not encrypt) input from untrusted sources (such as cookies, headers, etc).

If the key has not been {#private_key= set then shamu will look for an environment variable named SHAMU_PRIVATE_KEY.

## To generate a strong key

“` # 1024-bit private key key = SecureRandom.base64( 128 ) “` @return [String]

# File lib/shamu/security.rb, line 33
def self.private_key
  @private_key ||= ENV[ ENV_PRIVATE_KEY ] || fail( "No private key configured. Set Shamu::Security.private_key or add an the #{ ENV_PRIVATE_KEY } environment variable to the host." ) # rubocop:disable Metrics/LineLength
end
private_key=( key ) click to toggle source

@param [String] key to use. @return [String]

# File lib/shamu/security.rb, line 39
def self.private_key=( key )
  @private_key = key && Base64.decode64( key )
end