{"id":17163671,"url":"https://github.com/cyberdelia/sequel-vault","last_synced_at":"2026-03-06T18:03:23.043Z","repository":{"id":29907063,"uuid":"33452837","full_name":"cyberdelia/sequel-vault","owner":"cyberdelia","description":"Encrypt Sequel attribute","archived":false,"fork":false,"pushed_at":"2018-01-14T22:45:25.000Z","size":17,"stargazers_count":5,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-27T05:41:34.093Z","etag":null,"topics":["encryption","sequel","sequel-plugin"],"latest_commit_sha":null,"homepage":"https://rubygems.org/gems/sequel_vault","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cyberdelia.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-04-05T19:44:26.000Z","updated_at":"2023-09-26T14:05:01.000Z","dependencies_parsed_at":"2022-09-07T18:01:08.851Z","dependency_job_id":null,"html_url":"https://github.com/cyberdelia/sequel-vault","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberdelia%2Fsequel-vault","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberdelia%2Fsequel-vault/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberdelia%2Fsequel-vault/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberdelia%2Fsequel-vault/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyberdelia","download_url":"https://codeload.github.com/cyberdelia/sequel-vault/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248731625,"owners_count":21152835,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["encryption","sequel","sequel-plugin"],"created_at":"2024-10-14T22:49:44.555Z","updated_at":"2026-03-06T18:03:18.018Z","avatar_url":"https://github.com/cyberdelia.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Sequel-vault\n\nUse [fernet](https://github.com/fernet/fernet-rb) to encrypt columns values in your Sequel database.\n\n## Installation\n\nInstall it directly using gem:\n\n```\ngem install sequel_vault\n```\n\nOr adding it to your ``Gemfile``:\n\n```\ngem \"sequel_vault\"\n```\n\n## Usage\n\n## Configure\n\nA straightforward example, passing keys and columns that will be encrypted\ntransparently:\n\n```ruby\nclass Credential \u003c Sequel::Model\n  plugin :vault, ['9cLL4qVO+bkEqGQtcvQX4Cz4uJ1ni9Nb83ipU/9klsw='], :token\nend\n```\n\nAlong with a typical migration for this setup:\n\n```ruby\nSequel.migration do\n  change do\n    alter_table(:credentials) do\n      add_column(:token, :bytea)\n      add_column(:token_digest, :bytea)\n      add_column(:key_id, :smallint)\n    end\n  end\nend\n```\n\n### Keys\n\nVault use [fernet](https://github.com/fernet/fernet-rb) behind the scene, the\nkeys should be 32 bytes of random data, base64-encoded.\n\nTo generate one you can use:\n\n```console\n$ dd if=/dev/urandom bs=32 count=1 2\u003e/dev/null | openssl base64\n```\n\nYou can specify more than one key to be used. The last keys of the array will\nbe used as the default for encryption.\n\n### Keys migration\n\nIf a ``key_id`` column is present, vault will set its value to the length of\nthe keys array. You can check if a key is still in use using:\n\n```ruby\nCredential.where(key_id: 1).empty?\n```  \n\nYou should avoid removing a key when using ``key_id``, unless you proceed to\nmigrate its value.\n\nHere is a migration example to add a ``key_id`` column:\n\n```ruby\nSequel.migration do\n  change do\n    alter_table(:credentials) do\n      add_column(:key_id, :smallint)\n    end\n  end\nend\n```\n\n### Digest lookup\n\nTo allow lookup by a know secret, vault allow an optional digest column for each\nencrypted attribute, using the ``_digest`` suffix:\n\n```ruby\nSequel.migration do\n  change do\n    alter_table(:credentials) do\n      add_column(:token_digest, :bytea)\n    end\n  end\nend\n```\n\nYou can then lookup using the provided dataset lookup:\n\n```ruby\nCredential.token_lookup('secret')\n```\n\n### Unencrypted data\n\nVault will return plain-text data if none of the keys can successfully decrypt\nthe stored value, effectively allowing encrypt on write migration.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberdelia%2Fsequel-vault","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyberdelia%2Fsequel-vault","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberdelia%2Fsequel-vault/lists"}