{"id":19711707,"url":"https://github.com/brightcommerce/attr_cipher","last_synced_at":"2025-04-29T18:30:46.963Z","repository":{"id":62553701,"uuid":"89302757","full_name":"brightcommerce/attr_cipher","owner":"brightcommerce","description":"Provides functionality to transparently store encrypted attributes in ActiveRecord models.","archived":false,"fork":false,"pushed_at":"2019-01-07T14:46:06.000Z","size":20,"stargazers_count":5,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-19T08:23:54.156Z","etag":null,"topics":["activerecord","aes-256-cbc","attributes","cipher","decryption","encryption","openssl"],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/brightcommerce.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"MIT-LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-04-25T01:19:34.000Z","updated_at":"2019-01-07T14:46:07.000Z","dependencies_parsed_at":"2022-11-03T04:45:32.955Z","dependency_job_id":null,"html_url":"https://github.com/brightcommerce/attr_cipher","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brightcommerce%2Fattr_cipher","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brightcommerce%2Fattr_cipher/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brightcommerce%2Fattr_cipher/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brightcommerce%2Fattr_cipher/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/brightcommerce","download_url":"https://codeload.github.com/brightcommerce/attr_cipher/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251559732,"owners_count":21609063,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["activerecord","aes-256-cbc","attributes","cipher","decryption","encryption","openssl"],"created_at":"2024-11-11T22:13:27.414Z","updated_at":"2025-04-29T18:30:46.692Z","avatar_url":"https://github.com/brightcommerce.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Gem Version](https://badge.fury.io/rb/attr_cipher.svg)](https://badge.fury.io/rb/attr_cipher)\n[![Build Status](https://travis-ci.org/brightcommerce/attr_cipher.svg?branch=master)](https://travis-ci.org/brightcommerce/attr_cipher)\n[![codecov.io](https://codecov.io/github/brightcommerce/attr_cipher/coverage.svg?branch=master)](https://codecov.io/github/brightcommerce/attr_cipher?branch=master)\n[![contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/brightcommerce/attr_cipher/pulls)\n\n# AttrCipher\n\n[**AttrCipher**](https://github.com/brightcommerce/attr_cipher) provides functionality to store encrypted attributes in ActiveRecord models. Values are encrypted and decrypted transparently.\n\nUsing the same secret for both encryption of plaintext and decryption of ciphertext, **AttrCipher** uses a method that is known as a symmetric-key algorithm, specifically the Advanced Encryption Standard Cipher-Block Chaining algorithm with a 256bit key (AES-256-CBC). However, you can provide your own cipher algorithm to **AttrCipher**, if you prefer. As a side note, 256bit AES is what the United States government uses to encrypt information at the Top Secret level.\n\n***Version 2.0.0+ Breaking Changes***\n\n_Please note:_ AttrCipher is **no longer automatically included** in models anymore. You will need to either `require attr_cipher/active_record` in an initializer, or `include AttrCipher` in each model using the `attr_cipher` macro. This is to prevent pollution of ActiveRecord::Base. See [usage](#usage) section below for details.\n\n## Installation\n\nTo install add the following line to your `Gemfile`:\n\n``` ruby\ngem 'attr_cipher', '~\u003e 2.0'\n```\n\nAnd run `bundle install`.\n\n## Dependencies\n\nRuntime:\n- activerecord (\u003e= 4.2.6)\n- activesupport (\u003e= 4.2.6)\n\nDevelopment/Test:\n- rake (~\u003e 10.5.0)\n- rspec (~\u003e 3.7.0)\n- sqlite3 (~\u003e 1.3.13)\n- simplecov (~\u003e 0.16.1)\n- factory_bot (~\u003e 4.8.2)\n\n## Compatibility\n\nTested with Ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-darwin18] against ActiveRecord 5.2.2 on macOS Mojave 10.14 (18A391).\n\n**AttrCipher** uses OpenSSL to perform the cipher.\n\n## Usage\n\n**AttrCipher** uses a global secret by default and it must be at least 100 characters or more. You can set the secret by setting `AttrCipher.secret` (e.g. `$ openssl rand -hex 50`).\n\n```ruby\n# config/initializers/attr_cipher.rb\nAttrCipher.secret = Rails.application.secrets.secret_key_base\n```\n\nYou can also set the secret on a per attribute basis.\n\n```ruby\nclass User\n  include AttrArray\n\n  attr_cipher :api_key, secret: Rails.application.secrets.secret_key_base\nend\n```\n\nAdd the attribute as a column to your ActiveRecord migration with `_cipher` appended to the attribute name:\n\n```ruby\nActiveRecord::Schema.define do\n  create_table :users do |t|\n    t.text :api_key_cipher\n  end\nend\n```\n\nTo include AttrCipher in all models, add the following to an initializer:\n\n```ruby\n# config/initializers/attr_cipher.rb\nrequire 'attr_cipher/active_record'\n```\n\nYou then don't need to `include AttrCipher` in any model.\n\nAttributes to be encrypted are declared using the `attr_cipher` class method in your model:\n\n```ruby\nclass User \u003c ActiveRecord::Base\n  attr_cipher :api_key\nend\n```\n\nIn the above example, **AttrCipher** automatically creates the `#api_key` getter and `#api_key=` setter. The getter automatically decrypts the return value. The setter encrypts the value provided and stores it in the `api_key_cipher` column.\n\nIf you don't want to use the AES-256-CBC cipher, you can provide your own cipher object. Define an object that responds to `encrypt(secret, value)` and `decrypt(secret, value)` class methods:\n\n```ruby\nmodule CustomCipher\n  def self.encrypt(secret, value)\n    value.to_s.reverse\n  end\n  def self.decrypt(secret, value)\n    value.to_s.reverse\n  end\nend\n```\n\nThen pass the custom cipher object to the `cipher` option of the `attr_cipher` class method:\n\n```ruby\nclass User \u003c ActiveRecord::Base\n  attr_cipher :api_key, cipher: CustomCipher\nend\n```\n\nSometimes we need to store values that are aren't strings. In order to encrypt other value types  you can pass the `serialize` option with a value of `true` to the `attr_cipher` class method:\n\n```ruby\nclass User \u003c ActiveRecord::Base\n  attr_cipher :api_key, serialize: true\nend\n```\n\nUsing the serialize option will cause the value to be serialized and deserialized using YAML during the encrypting and decrypting process. No changes are necessary to the column type in the table migration, it should remain as `text`.\n\n## Tests\n\nTests are written using Rspec, FactoryBot and Sqlite3. There are 17 examples with 100% code coverage.\n\nTo run the tests, execute the default rake task:\n\n``` bash\nbundle exec rake\n```\n\n## Contributing\n\n1. Fork it\n2. Create your feature branch (`git checkout -b my-new-feature`)\n3. Commit your changes (`git commit -am 'Add some feature'`)\n4. Push to the branch (`git push origin my-new-feature`)\n5. Create new Pull Request\n\n## Credit\n\nI would like to thank [Nando Vieira](http://nandovieira.com/) for his [encrypt_attr](https://github.com/fnando/encrypt_attr) gem from which some of the code was derived. The `encrypt_attr` gem is a better fit for non-ActiveRecord use.\n\nThis gem was written and is maintained by [Jurgen Jocubeit](https://github.com/JurgenJocubeit), CEO and President Brightcommerce, Inc.\n\n## License\n\nThe gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).\n\n## Copyright\n\nCopyright 2017-2019 Brightcommerce, Inc. All rights reserved.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrightcommerce%2Fattr_cipher","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbrightcommerce%2Fattr_cipher","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrightcommerce%2Fattr_cipher/lists"}