{"id":15064594,"url":"https://github.com/drieam/keypairs","last_synced_at":"2025-10-08T18:19:38.469Z","repository":{"id":43341585,"uuid":"306865135","full_name":"Drieam/keypairs","owner":"Drieam","description":"Manage application level keypairs with automatic rotation with JWT support","archived":false,"fork":false,"pushed_at":"2025-03-19T11:37:46.000Z","size":50,"stargazers_count":2,"open_issues_count":2,"forks_count":1,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-03-19T12:32:50.982Z","etag":null,"topics":["jwt","ruby","ruby-on-rails"],"latest_commit_sha":null,"homepage":"https://drieam.github.io/keypairs/","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Drieam.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-10-24T11:06:48.000Z","updated_at":"2025-03-19T11:37:49.000Z","dependencies_parsed_at":"2024-10-13T00:21:04.006Z","dependency_job_id":"ab54a14b-3065-4cb1-85ac-eb4391ce863b","html_url":"https://github.com/Drieam/keypairs","commit_stats":{"total_commits":17,"total_committers":3,"mean_commits":5.666666666666667,"dds":"0.47058823529411764","last_synced_commit":"7ada66e3c43b2b6f3ea4b4527b803ac9d6820502"},"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Drieam%2Fkeypairs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Drieam%2Fkeypairs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Drieam%2Fkeypairs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Drieam%2Fkeypairs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Drieam","download_url":"https://codeload.github.com/Drieam/keypairs/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248217155,"owners_count":21066634,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["jwt","ruby","ruby-on-rails"],"created_at":"2024-09-25T00:22:09.146Z","updated_at":"2025-10-08T18:19:38.327Z","avatar_url":"https://github.com/Drieam.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Keypairs\nApplications often need to have a public/private keypair so sign messages. This gem manages your application level key pairs with automatic rotation and support for encoding and decoding [JWTs](https://jwt.io/).\n\nNote: This gem is intended to work within Rails applications. It can probably be adjusted easily to also work for non-rails / sinatra project but that's out of scope for now. \n\n## Installation\n1. **Add gem**\n\n   Add this line to your application's Gemfile:\n   \n   ```ruby\n   gem 'keypairs'\n   ```\n   \n   The of course run `bundle install`. \n\n2. **Copy migration**\n\n   The default migration file can be copied to your app with:\n   ```bash\n   bundle exec rails keypairs:install:migrations\n   ```\n   \n   Then of course run `bundle exec rails db:migrate`\n\n3. **Setup encryption key**\n\n   The private keys are encrypted with the [lockbox](https://github.com/ankane/lockbox) gem. In order for this to work, you need to set the master key as described in [the readme](https://github.com/ankane/lockbox#key-generation), but the easiest thing is to set the environment variable `LOCKBOX_MASTER_KEY` to a sufficient long string (you can generate one with `Lockbox.generate_key`).\n\n## Usage\nThe central point of this gem is the `Keypair` model which is backed by the `keypairs` table. If you need to sign messages, you can get the current keypair with the `Keypair.current` method. This method performs the rotation of the keypairs if required.\n\nYou can access the private an public key of the keypair (`OpenSSL::PKey::RSA`) and encrypt and decrypt messages with them:\n\n```ruby\nencoded_message = Keypair.current.private_key.private_decrypt('foobar')\nKeypair.current.public_key.public_decrypt(encoded_message)\n# =\u003e 'foobar'\n```\n\n### JWT support\nYou can encode and decode JWTs directly on the class:\n```ruby \npayload = { foo: 'bar' }\nid_token = Keypair.jwt_encode(payload)\ndecoded = Keypair.jwt_decode(id_token)\n```\n\nIt's almost always a good idea to add a subject to your payload and pass the same subject during decoding. That way you know that users don't use a key for other purposes (for example a key intended for an OAuth2 flow used as a session key). So for example:\n\n```ruby\nsubject = 'MyAppSession'\npayload = { foo: 'bar', subject: subject }\nid_token = Keypair.jwt_encode(payload)\ndecoded = Keypair.jwt_decode(id_token, subject: subject)\n``` \n\n### Exposing public keys\nIf you want others to validate your messages based on the public keys, you can share the JWK version of you current keys by adding them to your `config/routes.rb`:\n\n```ruby\nget :jwks, to: Keypairs::PublicKeysController.action(:index)\n```\n\n## Releasing new version\nPublishing a new version is handled by the publish workflow. This workflow publishes a GitHub release to rubygems and GitHub package registry with the version defined in the release.\n\n## Contributing\nBug reports and pull requests are welcome on GitHub at https://github.com/Drieam/keypairs.\n\n## License\nThe gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdrieam%2Fkeypairs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdrieam%2Fkeypairs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdrieam%2Fkeypairs/lists"}