{"id":13879101,"url":"https://github.com/reidmorrison/symmetric-encryption","last_synced_at":"2025-04-04T15:09:49.738Z","repository":{"id":2255904,"uuid":"3211258","full_name":"reidmorrison/symmetric-encryption","owner":"reidmorrison","description":"Symmetric Encryption for Ruby Projects using OpenSSL ","archived":false,"fork":false,"pushed_at":"2023-10-10T10:53:10.000Z","size":901,"stargazers_count":477,"open_issues_count":17,"forks_count":88,"subscribers_count":27,"default_branch":"master","last_synced_at":"2025-03-28T14:07:42.985Z","etag":null,"topics":["compliance","encryption","openssl","pci","ruby","symmetric-keys"],"latest_commit_sha":null,"homepage":"https://logger.rocketjob.github.io/","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/reidmorrison.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2012-01-18T18:42:18.000Z","updated_at":"2025-03-06T15:01:00.000Z","dependencies_parsed_at":"2024-01-13T20:57:01.775Z","dependency_job_id":"6aaca319-6703-40d9-96a3-365fdfa7dc1e","html_url":"https://github.com/reidmorrison/symmetric-encryption","commit_stats":{"total_commits":256,"total_committers":29,"mean_commits":8.827586206896552,"dds":0.171875,"last_synced_commit":"dd3d2a0207a91927096497f6b9692d22ab641884"},"previous_names":["rocketjob/symmetric-encryption","clarityservices/symmetric-encryption"],"tags_count":38,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reidmorrison%2Fsymmetric-encryption","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reidmorriso
n%2Fsymmetric-encryption/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reidmorrison%2Fsymmetric-encryption/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reidmorrison%2Fsymmetric-encryption/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/reidmorrison","download_url":"https://codeload.github.com/reidmorrison/symmetric-encryption/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247198463,"owners_count":20900080,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["compliance","encryption","openssl","pci","ruby","symmetric-keys"],"created_at":"2024-08-06T08:02:09.852Z","updated_at":"2025-04-04T15:09:49.721Z","avatar_url":"https://github.com/reidmorrison.png","language":"Ruby","funding_links":[],"categories":["Ruby"],"sub_categories":[],"readme":"# Symmetric Encryption\n[![Gem Version](https://img.shields.io/gem/v/symmetric-encryption.svg)](https://rubygems.org/gems/symmetric-encryption) [![Build Status](https://github.com/reidmorrison/symmetric-encryption/workflows/build/badge.svg)](https://github.com/reidmorrison/symmetric-encryption/actions?query=workflow%3Abuild) [![Downloads](https://img.shields.io/gem/dt/symmetric-encryption.svg)](https://rubygems.org/gems/symmetric-encryption) [![License](https://img.shields.io/badge/license-Apache%202.0-brightgreen.svg)](http://opensource.org/licenses/Apache-2.0) ![](https://img.shields.io/badge/status-Production%20Ready-blue.svg) \n\n* 
https://encryption.rocketjob.io/\n\nTransparently encrypt ActiveRecord and Mongoid attributes. Encrypt passwords in configuration files. Encrypt entire files at rest.\n\n## Introduction\n\nAny project that wants to meet PCI compliance has to ensure that the data is encrypted\nwhilst in flight and at rest. Amongst many other requirements, all passwords\nin configuration files also have to be encrypted.\n\nSymmetric Encryption helps achieve compliance by supporting encryption of data in a simple\nand consistent way.\n\nSymmetric Encryption uses OpenSSL to encrypt and decrypt data, and can therefore\nexpose all the encryption algorithms supported by OpenSSL.\n\n## Documentation\n\n[Symmetric Encryption Guide](https://encryption.rocketjob.io/)\n\n## Rocket Job\n\nCheck out the sister project [Rocket Job](http://rocketjob.io): Ruby's missing batch system.\n\nFully supports Symmetric Encryption to encrypt data in flight and at rest while running jobs in the background.\n\n## Upgrading to Rails V7\n\nThere is a method naming conflict with Rails 7, which has its own `encrypted_attributes` method.\n\nAs a result the older `attr_encrypted` mechanism is no longer available with Rails 7. 
\nMigrate the use of `attr_encrypted` to `attribute` as described in the [Frameworks Guide](https://encryption.rocketjob.io/frameworks.html).\n\n## Upgrading to SymmetricEncryption V4\n\nVersion 4 of Symmetric Encryption has completely adopted the Ruby keyword arguments on most APIs where\nmultiple arguments are being passed, or where a Hash was being used before.\n\nThe `encrypt` and `decrypt` APIs now require keyword arguments for any optional arguments.\n\nThe following does _not_ change:\n\n~~~ruby\nencrypted = SymmetricEncryption.encrypt('Hello World')\nSymmetricEncryption.decrypt(encrypted)\n~~~\n\nThe following is _not_ backward compatible:\n~~~ruby\nSymmetricEncryption.encrypt('Hello World', false, false, :date)\n~~~\n\nNeeds to be changed to:\n~~~ruby\nSymmetricEncryption.encrypt('Hello World', random_iv: false, compress: false, type: :date)\n~~~\n\nOr, just to change the type:\n~~~ruby\nSymmetricEncryption.encrypt('Hello World', type: :date)\n~~~\n\nSimilarly the `decrypt` API has also changed:\n~~~ruby\nSymmetricEncryption.decrypt(encrypted, 2, :date)\n~~~\n\nNeeds to be changed to:\n~~~ruby\nSymmetricEncryption.decrypt(encrypted, version: 2, type: :date)\n~~~\n\nThe Rake tasks have been replaced with a new command line interface for managing key configuration and generation. \nFor more info:\n~~~\nsymmetric-encryption --help\n~~~\n\n#### Configuration changes\n\nIn Symmetric Encryption V4 the configuration file is now modified directly instead\nof using templates. This change is necessary to allow the command line interface to\ngenerate new keys and automatically update the configuration file.\n \nPlease back up your existing `symmetric-encryption.yml` prior to upgrading if it is not\nalready in a version control system. 
This is critical for configurations that have custom\ncode or for prior configurations targeting Heroku.\n\nIn Symmetric Encryption V4 the defaults for `encoding` and `always_add_header` have changed.\nIf these values are not explicitly set in the `symmetric-encryption.yml` file, set them\nprior to upgrading.\n\nPrior defaults; if missing, set them explicitly to these values for all environments:\n~~~yaml\n      encoding:          :base64\n      always_add_header: false\n~~~\n\nNew defaults are:\n~~~yaml\n      encoding:          :base64strict\n      always_add_header: true\n~~~\n\n\n## Upgrading to SymmetricEncryption V3\n\nIn version 3 of SymmetricEncryption, the following changes have been made that\nmay have backward compatibility issues:\n\n* `SymmetricEncryption.decrypt` no longer rotates through all the decryption keys\n  when previous ciphers fail to decrypt the encrypted string.\n  In a very small, yet significant number of cases it was possible to decrypt data\n  using the incorrect key. 
Clearly the data returned was garbage, but it still\n  returned a string of data instead of throwing an exception.\n  See `SymmetricEncryption.select_cipher` to supply your own custom logic to\n  determine the correct cipher to use when the encrypted string does not have a\n  header and multiple ciphers are defined.\n\n* Configuration file format prior to V1 is no longer supported.\n\n* New configuration option has been added to support setting encryption keys\n  from environment variables.\n\n* `Cipher.parse_magic_header!` now returns a Struct instead of an Array.\n\n* New config options `:encrypted_key` and `:encrypted_iv` to support setting\n  the encryption key in environment variables, or from other sources such as LDAP\n  or a central directory service.\n\n## New features in V1.1 and V2\n\n* Ability to randomly generate a new initialization vector (iv) with every\n  encryption and put the iv in the encrypted data as its header, without having\n  to use `SymmetricEncryption::Writer`.\n\n* With file encryption randomly generate a new key and initialization vector (iv) with every\n  file encryption and put the key and iv in the encrypted data as its header which\n  is encrypted using the global key and iv.\n\n* Support for compression.\n\n* `SymmetricEncryption.encrypt` has two additional optional parameters:\n    * random_iv `[true|false]`\n        * Whether the encrypted value should use a random IV every time the\n          field is encrypted.\n        * It is recommended to set this to true where feasible. 
If the encrypted\n          value could be used as part of a SQL where clause, or as part\n          of any lookup, then it must be false.\n        * Setting random_iv to true will result in a different encrypted output for\n          the same input string.\n        * Note: Only set to true if the field will never be used as part of\n          the where clause in an SQL query.\n        * Note: When random_iv is true it will add an 8 byte header, plus the bytes\n          to store the random IV in every returned encrypted string, prior to the\n          encoding if any.\n        * Note: Adds a 6 byte header prior to encoding, if not already configured\n          to add the header to all encrypted values.\n        * Default: false\n        * Highly Recommended where feasible: true\n\n    * compress `[true|false]`\n        * Whether to compress prior to encryption.\n        * Should only be used for large strings since compression overhead and\n          the overhead of adding the 'magic' header may exceed any benefits of\n          compression.\n        * Default: false\n\n## Author\n\n[Reid Morrison](https://github.com/reidmorrison)\n\n[Contributors](https://github.com/reidmorrison/symmetric-encryption/graphs/contributors)\n\n## Versioning\n\nThis project uses [Semantic Versioning](http://semver.org/).\n\n## Disclaimer\n\nAlthough this library has assisted in meeting PCI Compliance and has passed\nprevious PCI audits, it in no way guarantees that PCI Compliance will be\nachieved by anyone using this library.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freidmorrison%2Fsymmetric-encryption","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Freidmorrison%2Fsymmetric-encryption","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freidmorrison%2Fsymmetric-encryption/lists"}