{"id":13828734,"url":"https://github.com/ankane/hypershield","last_synced_at":"2025-11-17T14:02:14.055Z","repository":{"id":46238668,"uuid":"127699127","full_name":"ankane/hypershield","owner":"ankane","description":"Shield sensitive data in Postgres and MySQL","archived":false,"fork":false,"pushed_at":"2025-10-22T05:16:03.000Z","size":55,"stargazers_count":312,"open_issues_count":2,"forks_count":14,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-11-16T00:18:37.287Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ankane.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-04-02T03:42:03.000Z","updated_at":"2025-11-04T09:50:53.000Z","dependencies_parsed_at":"2024-01-13T20:39:36.808Z","dependency_job_id":"97a2caad-9acd-4109-bf7a-65d959f632d1","html_url":"https://github.com/ankane/hypershield","commit_stats":{"total_commits":78,"total_committers":3,"mean_commits":26.0,"dds":0.02564102564102566,"last_synced_commit":"fffd84553fb038298da470b43ddad48653ba2dea"},"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/ankane/hypershield","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ankane%2Fhypershield","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ankane%2Fhypershield/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ankane%2Fhypershield/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ankane%2Fhypershield/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ankane","download_url":"https://codeload.github.com/ankane/hypershield/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ankane%2Fhypershield/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":284893575,"owners_count":27080531,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-17T02:00:06.431Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T09:03:05.271Z","updated_at":"2025-11-17T14:02:14.019Z","avatar_url":"https://github.com/ankane.png","language":"Ruby","funding_links":[],"categories":["Ruby"],"sub_categories":[],"readme":"# Hypershield\n\n:zap: Shield sensitive data in Postgres and MySQL\n\nGreat for business intelligence tools like [Blazer](https://github.com/ankane/blazer)\n\n[![Build Status](https://github.com/ankane/hypershield/actions/workflows/build.yml/badge.svg)](https://github.com/ankane/hypershield/actions)\n\n## How It Works\n\nHypershield creates *shielded views* (in the `hypershield` schema by default) that hide sensitive tables and columns. The advantage of this approach over column-level privileges is you can use `SELECT *`.\n\nBy default, it hides columns with:\n\n- `encrypted`\n- `password`\n- `token`\n- `secret`\n\nGive database users access to these views instead of the original tables.\n\n## Installation\n\nAdd this line to your application’s Gemfile:\n\n```ruby\ngem \"hypershield\"\n```\n\nAnd run:\n\n```sh\nrails generate hypershield:install\n```\n\nHypershield is disabled in non-production environments by default. You can do a dry run with:\n\n```sh\nrake hypershield:refresh:dry_run\n```\n\nNext, set up your production database.\n\n- [Postgres](#postgres)\n- [MySQL](#mysql)\n\nWhen that’s done, deploy to production and run:\n\n```sh\nrails db:migrate\n```\n\nThe schema will automatically refresh.\n\n## Database Setup\n\n### Postgres\n\nCreate a new schema in your database\n\n```sql\nCREATE SCHEMA hypershield;\n```\n\nGrant privileges\n\n```sql\nGRANT USAGE ON SCHEMA hypershield TO myuser;\n\n-- replace migrations with the user who manages your schema\nALTER DEFAULT PRIVILEGES FOR ROLE migrations IN SCHEMA hypershield\n    GRANT SELECT ON TABLES TO myuser;\n\n-- keep public in search path for functions\nALTER ROLE myuser SET search_path TO hypershield, public;\n```\n\nAnd connect as the user and make sure there’s no access the original tables\n\n```sql\nSELECT * FROM public.users LIMIT 1;\n```\n\n### MySQL\n\nCreate a new schema in your database\n\n```sql\nCREATE SCHEMA hypershield;\n```\n\nGrant privileges\n\n```sql\nGRANT SELECT, SHOW VIEW ON hypershield.* TO myuser;\nFLUSH PRIVILEGES;\n```\n\nAnd connect as the user and make sure there’s no access the original tables\n\n```sql\nSELECT * FROM mydb.users LIMIT 1;\n```\n\n## Configuration\n\nSet configuration in `config/initializers/hypershield.rb`.\n\nSpecify the schema to use and columns to show and hide\n\n```ruby\nHypershield.schemas = {\n  hypershield: {\n    hide: [\"encrypted\", \"password\", \"token\", \"secret\"],\n    show: [\"ahoy_visits.visitor_token\", \"ahoy_visits.visit_token\"]\n  }\n}\n```\n\nLog Hypershield SQL statements\n\n```ruby\nHypershield.log_sql = true\n```\n\nEnable or disable Hypershield in an environment\n\n```ruby\nHypershield.enabled = Rails.env.production?\n```\n\n## History\n\nView the [changelog](CHANGELOG.md)\n\n## Contributing\n\nEveryone is encouraged to help improve this project. Here are a few ways you can help:\n\n- [Report bugs](https://github.com/ankane/hypershield/issues)\n- Fix bugs and [submit pull requests](https://github.com/ankane/hypershield/pulls)\n- Write, clarify, or fix documentation\n- Suggest or add new features\n\nTo get started with development:\n\n```sh\ngit clone https://github.com/ankane/hypershield.git\ncd hypershield\nbundle install\n\n# Postgres\ncreatedb hypershield_test\nbundle exec rake test\n\n# MySQL\nmysqladmin create hypershield_test\nADAPTER=mysql2 bundle exec rake test\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fankane%2Fhypershield","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fankane%2Fhypershield","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fankane%2Fhypershield/lists"}