This gem adds transparent encryption to the Rails cache. It supports the following cache stores:
Add this line to your application's Gemfile:
gem 'encrypted_store'
And then execute:
$ bundle
Or install it yourself as:
$ gem install encrypted_store
By default optional encryption using your application's secret_key_base
is enabled for all stores.
To encrypt a specific key pass in the encrypt: true
option to your cache call:
Rails.cache.fetch 'a-key', encrypt: true do
{a: 1, b: 2, c: 3}
end
To make encryption the default behavior:
config.cache_store = :mem_cache_store, 'localhost', encrypt: true
To use a custom encryption key:
config.cache_store = :mem_cache_store, 'localhost', encryption_key: ENV['ANOTHER_KEY']
This will work fine with compression - when both options are enabled a value is compressed first and then encrypted (compressing an encrypted value will result in insignificant savings at best).
All other cache options / functionality should still work.
I haven't tested it yet but this should work with ActionDispatch::Session::CacheStore.
You will need to manually initialize encrypted_store
before you create your cache:
require 'encrypted_store/initialize'
encryption_key
is required since there's no secret_key_base
to fall back on:
CACHE = ActiveSupport::Cache.lookup_store :mem_cache_store, 'localhost', encrypt: true, encryption_key: ENV['MY_KEY']
Usage is otherwise identical to the Rails
section above:
CACHE.fetch 'a-key', encrypt: true do
{a: 1, b: 2, c: 3}
end
EncryptedStore
uses a single global encryption key. This is to avoid storing the encryption key inside of the serialized ActiveSupport::Cache::Entry that's directly stored in the cache store (and thus defeating the purpose of this gem).
EncryptedStore
uses ActiveSupport::MessageEncryptor under the hood for encryption which (apparently) uses the aes-256-cbc
cipher by default.
To generate an appropriate key:
2.3.0 :001> SecureRandom.hex(64)
=> "1e1514226155cf1f98356cac25498f461ac224e79557caaeea8dc2827910d3b64a5c1daf741ef72d35676c6534c6eb5dcf59c86d96e
- support for (DalliStore (if you need
memcached
support you can use the built-inMemCacheStore
which usesdalli
under the hood anyway) - add tests/support for ActionDispatch::Session::CacheStore
After checking out the repo, run bundle
to install dependencies.
The test suite contains several disparate pieces:
test/activesupport
contains the caching tests from the most current stable version ofrails
test/redis-activesupport
contains the tests from the most current version ofredis-activesupport
spec/*
contains gem specific tests
Both of the externally sourced tests are modified to run twice, once with default encryption disabled and once with it enabled. There are more combinations we could test but for now this seems to be enough.
To run the test suite you will need:
- an instance of memcached listening on port 11121
- two instances of redis listening on 6379 and 6380
Then, run
rake spec
to run the tests. You can also runbin/console
for an interactive prompt that will allow you to experiment.
The default rake
task will run all of the tests. To run only the external tests use rake test
and to run the gem specific tests use rake spec
To install this gem onto your local machine, run bundle exec rake install
. To release a new version, update the version number in version.rb
, and then run bundle exec rake release
, which will create a git tag for the version, push git commits and tags, and push the .gem
file to rubygems.org.
Bug reports and pull requests are welcome on GitHub at https://github.com/modosc/encrypted_store.
encrypted_store
is released under the MIT License.