{"id":15792875,"url":"https://github.com/basesecrete/secure_attribute","last_synced_at":"2025-04-01T14:32:04.483Z","repository":{"id":56894718,"uuid":"116578388","full_name":"BaseSecrete/secure_attribute","owner":"BaseSecrete","description":"Encrypt attributes of any Ruby object or ActiveRecord model.","archived":false,"fork":false,"pushed_at":"2019-01-28T09:10:48.000Z","size":11,"stargazers_count":10,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-25T05:02:12.573Z","etag":null,"topics":["encryption","ruby","ruby-on-rails"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/BaseSecrete.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-01-07T15:52:08.000Z","updated_at":"2022-03-21T16:03:26.000Z","dependencies_parsed_at":"2022-08-20T16:10:47.245Z","dependency_job_id":null,"html_url":"https://github.com/BaseSecrete/secure_attribute","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BaseSecrete%2Fsecure_attribute","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BaseSecrete%2Fsecure_attribute/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BaseSecrete%2Fsecure_attribute/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BaseSecrete%2Fsecure_attribute/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/BaseSecrete","download_url":"https://codeload.github.com/BaseSecrete/secure_attribute/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246655036,"owners_count":20812573,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["encryption","ruby","ruby-on-rails"],"created_at":"2024-10-04T23:06:18.359Z","updated_at":"2025-04-01T14:32:04.177Z","avatar_url":"https://github.com/BaseSecrete.png","language":"Ruby","readme":"# Secure Attribute\n\n*Secure Attribute* is a ruby gem to encrypt attributes of any Ruby object or ActiveRecord model. It is made to protect sensitive data, such as API secrets, OAuth tokens or even FTP passwords.\n\nWhile there are already a few encryption gems out there, *Secure Attribute* has no dependencies and no code constraints.\n\n## Installation\n\nAdd `gem \"secure_attribute\"` to your Gemfile and run `bundle install`.\n\nThen, generate an encryption key:\n\n```ruby\nSecureAttribute.export_random_key_base64(\"AES-256-CBC\")\n```\n\nThe key is encoded in base 64 to make it more convenient to store it in an environment variable.\n**Make sure you do not lose your encryption key or you won't be able to decrypt any data.**\n\n## Usage\n\n*For the examples bellow we assume the key is stored in the environment variable `SECURE_ATTRIBUTE_KEY`.*\n\nThere are 2 ways to use it:\n\n- You can call the helper method `attr_secure` which creates the relevant attribute accessors if missing, or surrounds them with the encryption mechanism.\n\n```ruby\nclass User \u003c ActiveRecord::Base\n  include SecureAttribute\n  attr_secure :oauth_secret, algorithm: \"AES-256-CBC\", key: Base64.decode64(ENV[\"SECURE_ATTRIBUTE_KEY\"])\nend\n\nuser = User.new(oauth_secret: \"test\")\nuser.attributes[:oauth_secret] # =\u003e \"$AES-256-CBC$c+qXJa1f3dd8y26rjAvGNQ==$fhMvLkC7g+gaw5pxqpkFlQ==\"\nuser.oauth_secret # =\u003e \"test\"\n```\n\n- If your prefer to control manually the encryption stuff, or if the surrounding attribute accessors mess up with your code, you can do it like this:\n\n```ruby\nclass User\n  def oauth_secret=(value)\n    @oauth_secret = value ? SecureAttribute.encipher(\"AES-256-CBC\", value, ENV[\"SECURE_ATTRIBUTE_KEY\"]) : nil\n  end\n\n  def oauth_secret\n    SecureAttribute.decipher(@oauth_secret, ENV[\"SECURE_ATTRIBUTE_KEY\"]) if @oauth_secret\n  end\nend\n```\n\n## Storage format\n\nIn addition to the data, *Secure Attribute* stores the encryption algorithm and the initialisation vector into a format inspired by Bcrypt:\n\n```\n$algorithm$iv$encrypted_data\n```\n\nThis has 2 benefits:\n- You don't need an extra column in your database to store the initialisation vector.\n- It gives you more flexibility in the future to switch to another encryption algorithm.\n\n## MIT License\n\nMade by [Base Secrète](https://basesecrete.com/en).\n\nRails developer? Check out [RoRvsWild](https://www.rorvswild.com), our Ruby on Rails application monitoring tool.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbasesecrete%2Fsecure_attribute","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbasesecrete%2Fsecure_attribute","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbasesecrete%2Fsecure_attribute/lists"}