class EncryptedStore::ActiveRecord::EncryptionKey

Public Class Methods

_create_primary_key(dek)
# File lib/encrypted_store/active_record/encryption_key.rb, line 55
# Wraps +dek+ via EncryptedStore.encrypt_key and persists the result as a new
# key record flagged primary.
#
# The raw +dek+ is handed only to EncryptedStore.encrypt_key; the dek
# attribute receives that call's return value, not the argument itself.
#
# @param dek key material to wrap and store
# @return the saved key record
# @raise whatever save! raises when the record cannot be persisted
def _create_primary_key(dek)
  record = new
  # NOTE(review): the literal true is presumably the "primary" flag, since
  # decrypted_key passes the record's primary value in the same position.
  record.dek = EncryptedStore.encrypt_key(dek, true)
  record.primary = true
  record.save!
  record
end
_has_primary?()
# File lib/encrypted_store/active_record/encryption_key.rb, line 51
# Reports whether at least one stored key row is flagged primary.
#
# @return [Boolean]
def _has_primary?
  exists?(primary: true)
end
new_key(custom_key = nil)
# File lib/encrypted_store/active_record/encryption_key.rb, line 15
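# Installs a new primary data-encryption key (DEK).
#
# Uses +custom_key+ when given, otherwise 32 bytes from SecureRandom. Every
# key currently flagged primary is demoted and the new one is created inside
# one transaction, so a failure at either step rolls the whole change back.
#
# NOTE(review): beyond rejecting an empty value, the length and randomness of
# a caller-supplied key are not checked here; confirm what
# EncryptedStore.encrypt_key requires of its input.
#
# @param custom_key [String, nil] caller-supplied key material
# @return the newly created primary key record
# @raise [ArgumentError] if +custom_key+ is empty
def new_key(custom_key = nil)
  # An empty string is truthy in Ruby, so `custom_key || ...` on its own
  # would accept "" as the DEK instead of falling back to random bytes.
  if custom_key.respond_to?(:empty?) && custom_key.empty?
    raise ArgumentError, 'custom_key must not be empty'
  end

  dek = custom_key || SecureRandom.random_bytes(32)

  transaction do
    # Demote every current primary rather than only the first one, and use
    # the bang form so a rejected update raises and aborts the transaction
    # instead of silently leaving a second primary behind.
    where(primary: true).each { |old| old.update_attributes!(primary: false) }
    _create_primary_key(dek)
  end
end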
preload(amount)

Preload the most recent `amount` keys.

# File lib/encrypted_store/active_record/encryption_key.rb, line 41
# Returns a query for the +amount+ key rows with the highest ids.
#
# primary_encryption_key is called first for its side effect: it creates a
# primary key when none exists, so the result is never built against an
# empty key table.
#
# @param amount number of key rows to limit the query to
# @return the ordered, limited relation
def preload(amount)
  primary_encryption_key
  newest_first = order('id DESC')
  newest_first.limit(amount)
end
primary_encryption_key()
# File lib/encrypted_store/active_record/encryption_key.rb, line 10
# Returns the current primary key record, creating one first when no row is
# flagged primary.
#
# If no primary row is found after that, the last key row is returned instead.
#
# NOTE(review): the existence check and the creation are separate statements
# with no lock visible here; confirm how concurrent callers are handled.
#
# @return the primary key record (or the last key row as a fallback)
def primary_encryption_key
  new_key if !_has_primary?
  flagged = where(primary: true).last
  flagged || last
end
retire_keys(key_ids = [])
# File lib/encrypted_store/active_record/encryption_key.rb, line 24
# Re-encrypts records onto the current primary key.
#
# With an empty +key_ids+, every record whose encryption_key_id differs from
# the primary's id is selected; otherwise only records whose
# encryption_key_id is in +key_ids+. Ids reach the query as bind parameters.
# This method does not delete or modify the retired key rows themselves.
#
# NOTE(review): in SQL, rows with a NULL encryption_key_id do not match
# `!=`, so they are presumably skipped by the first branch; confirm that is
# intended.
#
# @param key_ids [Array] ids of the keys to move records away from
# @return the primary key record the records were re-encrypted with
def retire_keys(key_ids = [])
  target = primary_encryption_key

  ActiveRecord::Mixin.descendants.each do |model|
    stale =
      if key_ids.empty?
        model.where("encryption_key_id != ?", target.id)
      else
        model.where("encryption_key_id IN (?)", key_ids)
      end

    # Walk the matches in batches rather than loading them all at once.
    stale.find_each { |record| record.reencrypt(target) }
  end

  target
end
rotate_keys()
# File lib/encrypted_store/active_record/encryption_key.rb, line 46
# Rotates keys: installs a fresh primary key, then re-encrypts every record
# that is not already on it.
#
# The two steps are separate calls, not one transaction; a failure during
# re-encryption leaves the new primary in place with some records still on
# older keys.
#
# @return the primary key record returned by retire_keys
def rotate_keys
  new_key
  current_primary = retire_keys
  current_primary
end

Public Instance Methods

decrypted_key()
# File lib/encrypted_store/active_record/encryption_key.rb, line 64
# Passes this record's stored dek and its primary flag to
# EncryptedStore.decrypt_key and returns the result.
#
# NOTE(review): the return value is presumably the unwrapped key material;
# callers should treat it as a secret and keep it out of logs and error
# messages.
#
# @return the value produced by EncryptedStore.decrypt_key
def decrypted_key
  wrapped = dek
  EncryptedStore.decrypt_key(wrapped, primary)
end