Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
大事なデータを守りたい!ActiveRecord Encryptionと、より安全かつ検索可能...
Search
free_world21
October 27, 2024
Programming
0
9
大事なデータを守りたい!ActiveRecord Encryptionと、より安全かつ検索可能な暗号化手法の実装例の紹介
Kaigi on Rails Day2にて使用した発表用スライドです。
https://kaigionrails.org/2024/talks/f-world21/
free_world21
October 27, 2024
Tweet
Share
More Decks by free_world21
See All by free_world21
DjangoとRailsを使って趣味として政治資金を透明化するプロダクトを作ってる話
free_world21
0
39
Ruby on Rails on Kubernetesってどうなの?
free_world21
0
10
Ruby on Rails と Django を比較してみる
free_world21
1
190
Shinjuku.rb#95:心の技術書紹介
free_world21
1
220
Rails engineを用いたゆるふわモジュラーモノリス のご紹介
free_world21
1
390
『Railsオワコン』と言われる時代に、なぜブルーモ証券はRailsを選ぶのか
free_world21
3
1.2k
東証障害報告書を読み解く
free_world21
0
210
Ruby/Railsの勉強会のおかげでブルーモ証券起業した
free_world21
2
440
エンジニアとしての属性軸(自己分析軸?)を考えてみた
free_world21
0
110
Other Decks in Programming
See All in Programming
コード書くの好きな人向けAIコーディング活用tips #orestudy
77web
3
270
Using AI Tools Around Software Development
inouehi
0
1.1k
Perlで痩せる
yuukis
1
680
Blueskyのプラグインを作ってみた
hakkadaikon
1
460
Use Perl as Better Shell Script
karupanerura
0
680
Devinで実践する!AIエージェントと協働する開発組織の作り方
masahiro_nishimi
6
2.9k
Interface vs Types ~型推論が過多推論~
hirokiomote
1
250
ktr0731/go-mcpでMCPサーバー作ってみた
takak2166
0
140
JSAI2025 RecSysChallenge2024 優勝報告
unonao
1
440
Webからモバイルへ Vue.js × Capacitor 活用事例
naokihaba
0
450
カクヨムAndroidアプリのリブート
numeroanddev
0
380
赤裸々に公開。 TSKaigiのオフシーズン
takezoux2
0
110
Featured
See All Featured
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
Navigating Team Friction
lara
186
15k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.8k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
47
2.8k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
16
910
Music & Morning Musume
bryan
46
6.6k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
29
9.5k
Building Flexible Design Systems
yeseniaperezcruz
328
39k
Making Projects Easy
brettharned
116
6.2k
Adopting Sorbet at Scale
ufuk
77
9.4k
Embracing the Ebb and Flow
colly
85
4.7k
Transcript
ブルーモ証券株式会社 ©2024 Bloomo Securities Inc. େࣄͳσʔλΛकΓ͍ͨʂ "DUJWF3FDPSE&ODSZQUJPOͱɺ ΑΓ҆શ͔ͭݕࡧՄೳͳ ҉߸Խख๏ͷ࣮ྫͷհ ,BJHJPO3BJMT%BZ!)BMM#MVF
খྛޛ࢙ OPFM 4BU
©2024 Bloomo Securities Inc. • খྛޛ࢙ʢখྛϊΤϧʣ • ϒϧʔϞূ݊גࣜձࣾऔక$50 • 0NPUFTBOEPSC
3PQQPOHJSC 4IJOKVLVSCͱ͔ʹΑ͍͘· ͢ • ཱྀߦɾੈքͷίϫʔΩϯάεϖʔεΊ͙Γʢϫʔέʔγϣϯ తͳԿ͔ʣ͕͖ • झຯͰʲ࣏ࢿۚσʔλϕʔεʳΛ։ൃͯ͠·͢ ͖ͳόϯυ • -`"SDdFOd$JFM 1*&3305 THE FARM@NY CARR WORKPLACE@Chicago @free_world21
©2024 Bloomo Securities Inc. *OEFY ձࣾհˍഎܠհ ͦͦ҉߸Խͱʁ "DUJWF3FDPSE&ODSZQUJPOͷհ "DUJWF3FDPSE&ODSZQUJPOͰ࣮ݱͮ͠Β͍ཁ݅ͷྫ ֤छ҉߸Խख๏͝հ
attr_encryptedΛ࣮ͬͨྫ ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷհ ·ͱΊ • ͞ͳ͍͜ͱɿ҉߸ԽΞϧΰϦζϜͱ͔ൿີܭࢉɾݕࡧͱ͔ • ରऀɿ։ൃ͍ͯ͠Δ3BJMTΞϓϦͷσʔλ҉߸Խʹڵຯ͕͋Δਓ • తɿ"DUJWF3FDPSE&ODSZQUJPO BUUS@FODSZQUFE MPDLCPYͷ֓ཁͱ͔͍ͭͲ͜ΖΛཧղ͢Δ͜ͱ • ൃදࢿྉޙ΄Ͳެ։͠·͢
©2024 Bloomo Securities Inc. ձࣾհˍഎܠհrϓϩμΫτ ถࠃגࢿ࢈ӡ༻ΞϓϦ#MPPNPΛఏڙதʂ ίϐϖͰʮόϑΣοτࢿʯεϚϗ݁Ͱएऀؾܰʹ :065)'*/"/$&ᶃ
©2024 Bloomo Securities Inc. ձࣾհˍഎܠհrϓϩμΫτػೳ ϙʔτϑΥϦΦػೳͰɺߴͳࢿ࢈ӡ༻ͷϋʔυϧΛԼ͍͛ͯΔ ϙʔτϑΥϦΦࢿػೳ ڞ༗ɾίϐʔػೳ ถࠃגɾ&5'ͰཧͷϙʔτϑΥϦΦΛ࡞ͨ͠Βɺ ྆ସങϒϧʔϞ͕ࣗಈࣥߦͯ͘͠ΕΔɻ
ෳฑͷࢄࢿ͕खؒͳ࣮͘ݱͰ͖Δ ʢϢʔβʔͷอ༗ฑҎ্ʢຊฏۉͷഒఔʣʣ ॳ৺ऀͰϙʔτϑΥϦΦ࡞͕Մೳʹ ʢϢʔβʔͷׂҎ্͕ίϐʔ͔Β։࢝ʣ ઐՈଞͷϢʔβʔͷϙʔτϑΥϦΦΛݟͯɺ ϫϯλοϓͰίϐʔͰ͖Δɻ
©2024 Bloomo Securities Inc. ձࣾհˍഎܠհrۀ͔Β͜Ε·ͰͷาΈ ݄ ݄
݄ ݄ ݄ ݄ ۀ ূ݊ձࣾ ϥΠηϯεऔಘ ਖ਼ࣜϦϦʔε ʢҰൠެ։ʣ γʔυϥϯυ ԯԁௐୡ ট੍ϦϦʔε /*4"ޱ࠲ ఏڙ։࢝ ͿΓͷূ݊ձࣾελʔτΞοϓͱ্ཱ͕ͯͪͬͨ͠ 個別株を取扱う証券会社スタートアップとしては、Finatext・FOLIO以来の存在。史上最速ペースで⾦商1種(証券会社) ライセンス取得・プロダクトリリースを続けてきた。
©2024 Bloomo Securities Inc. ձࣾհˍഎܠհrۀ͔Β͜Ε·ͰͷาΈ ݄ ݄
݄ ݄ ݄ ݄ ۀ ূ݊ձࣾ ϥΠηϯεऔಘ ਖ਼ࣜϦϦʔε ʢҰൠެ։ʣ γʔυϥϯυ ԯԁௐୡ ট੍ϦϦʔε /*4"ޱ࠲ ఏڙ։࢝ ͿΓͷূ݊ձࣾελʔτΞοϓͱ্ཱ͕ͯͪͬͨ͠ 個別株を取扱う証券会社スタートアップとしては、Finatext・FOLIO以来の存在。史上最速ペースで⾦商1種(証券会社) ライセンス取得・プロダクトリリースを続けてきた。 ূ݊ձࣾͱͯ͠ͷ rails new .
©2024 Bloomo Securities Inc. ձࣾհˍഎܠհrۀ͔Β͜Ε·ͰͷาΈ ݄ ݄
݄ ݄ ݄ ݄ ۀ ূ݊ձࣾ ϥΠηϯεऔಘ ਖ਼ࣜϦϦʔε ʢҰൠެ։ʣ γʔυϥϯυ ԯԁௐୡ ট੍ϦϦʔε /*4"ޱ࠲ ఏڙ։࢝ ͿΓͷূ݊ձࣾελʔτΞοϓͱ্ཱ͕ͯͪͬͨ͠ 個別株を取扱う証券会社スタートアップとしては、Finatext・FOLIO以来の存在。史上最速ペースで⾦商1種(証券会社) ライセンス取得・プロダクトリリースを続けてきた。 ূ݊ձࣾͱͯ͠ͷ rails new .
©2024 Bloomo Securities Inc. ձࣾհˍഎܠհrূ݊γεςϜΛ࡞Δ͏͑Ͱ • Կ͔גΛങ͏ͨΊʹূ݊ձࣾͷޱ࠲Λͭ͘Βͳ͚Ε͍͚ͳ͍ • ূ݊ձࣾʢͷγεςϜʣΛ࡞ΔͨΊʹ༷ʑͳཁ݅ʢ๏ͳͲʣΛकΒͳ͚Ε͍͚ͳ͍ •
ηΩϡϦςΟʔपΓʹΑΓؾΛ͏ඞཁ͕͋Δ • αΠόʔ߈ܸͳͲΛؚΉɺใηΩϡϦςΟʹؔ͢ΔڴҖ͕ͷ͍͍͢͝Ͱڧ·͍ͬͯΔ – ૬͙࣍ݸਓใྲྀग़ – ϥϯαϜΣΞʹΑΔඃʢχίχίಈըʣ ͓٬༷ʢ͏ଆʣઢ ΤϯδχΞʢ࡞Δଆʣઢ
©2024 Bloomo Securities Inc. ͦͦ҉߸Խͱʁ҉߸ԽͱϋογϡԽ “小林ノエル” “m6mlF70S3Qoqt86hyUJzWxhwW6JYgyXgBPPJHrhvVAGQ” “$2a$10$aBy67z2lE8O/OO/Xfnr7ZO6sQCP948cWDM/9Mi fMGR5472nkfqGUW” “小林ノエル”
҉߸Խ ϋογϡԽ • σʔλΛಛఆͷ҉߸ݤΛͬͯม͠ɺਖ਼͍͠ݤ͕ͳ͍ͱݩʹͤͳ͍Α͏ʹ͢Δॲཧ • σʔλͷػີੑΛอޢ͢ΔͨΊʹΘΕΔ • σʔλΛҰํͷݻఆͷʹม͢Δ͜ͱͰɺݩͷσʔλʹͤͳ͍Α͏ʹ͢Δॲཧ • ओʹσʔλͷ߹ੑΛ֬ೝ͢ΔͨΊʹΘΕΔ 🔑 ฏจ ҉߸จ ݩσʔλ ϋογϡ
©2024 Bloomo Securities Inc. ͦͦ҉߸Խͱʁͳͥ҉߸Խ͢Δͷ͔ • ೖޱରࡦɾ෦ରࡦɾग़ޱରࡦͷ͏ͪɺ෦ରࡦͷ͏ͪͷͭ – ೖޱରࡦ •
ϑΝΠΞΥʔϧɾϑΟϧλʔ • ଟཁૉೝূɺ71/ͳͲ – ෦ରࡦ • σʔλ҉߸Խ • ϩάࢹ – ग़ޱରࡦ • ௨৴Ͱ͖Δܦ࿏ΛߜΔ • ֎෦σόΠεͷσʔλॻ͖ࠐΈ੍ݶ • Կ͔σʔλ͕ྲྀग़ͨ͠ͱ͖ͷඃΛ͑ΔͨΊͷख๏
©2024 Bloomo Securities Inc. ͦͦ҉߸Խͱr҉߸ԽΛ͢Δࡍʹߟྀ͖͢ϙΠϯτ • ҉߸ԽͷΞϧΰϦζϜ – %&4 "&4
34" &$$ ʜ – ΄ͱΜͲͷ߹ϑϨʔϜϫʔΫϥΠϒϥϦͷσϑΥϧτʢਪʣͷͷΛ͑0, • ຊͷ͓ͷείʔϓ֎ • ݤͷཧํ – ҉߸ݤΛͲ͜ʹ͓͍ͯ୭͕ཧ͢Δͷ͔ʁ • ҉߸Խͷ୯Ґ – ͲͷΑ͏ͳ୯ҐͰ҉߸Խ͢Δ͔ • ΞϓϦέʔγϣϯͯ͢ΛͭͷݤͰҰׅ҉߸Խ • ͋Δఔ·ͱ·ͬͨ୯Ґʢςʔϒϧ͝ͱͱ͔ʣͰ҉߸ݤΛΘ͚Δ • Ϩίʔυ͝ͱʹ҉߸ݤΛΘ͚Δ • ݕࡧੑೳ – ҉߸Խͨ͠σʔλΛ%#ʹೖΕΔͱଟ͘ͷ߹Ͱݕࡧ͕Ͱ͖ͳ͘ͳΔ – ඞཁʹԠͯ͡ΞϓϦέʔγϣϯϨΠϠͰݕࡧػೳΛ࣮͢Δඞཁ͕͋Δ ݤͷཧํ ҉߸Խͷ୯Ґ ݕࡧੑೳ
©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷհr֓ཁͱ؆୯ͳ͍ํͷ͝հ • 3BJMT "DUJWF3FDPSE ʹΈࠐ·Ε͍ͯΔ҉߸Խػߏ
– %#ʹอଘ͢Δͱ͖ʹ҉߸Խ͞Εͯอଘ͞ΕΔ – ΞϓϦέʔγϣϯɿฏจͱͯ͠ѻ͑Δɺ%#ɿ҉߸จͱͯ͠อଘ͞ΕΔ $ rails db:encryption:init Add this entry to the credentials of the target environment: active_record_encryption: primary_key: azc7QkZYSg9ll01TjBNpnURUnF42gt1s deterministic_key: U987a4KAnhfA5oAQrLY7pYaTqysIYqqE key_derivation_salt: puoi8lJbvyM4FQErFYJ26BFuE1OJLHtf secret_key_base: hogehogefugafuga…… active_record_encryption: primary_key: azc7QkZYSg9ll01TjBNpnURUnF42gt1s deterministic_key: U987a4KAnhfA5oAQrLY7pYaTqysIYqqE key_derivation_salt: puoi8lJbvyM4FQErFYJ26BFuE1OJLHtf config/credentials.yml.enc にそのままコピペ
©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷհr֓ཁͱ؆୯ͳ͍ํͷ͝հ • 3BJMT "DUJWF3FDPSE ʹΈࠐ·Ε͍ͯΔ҉߸Խػߏ
– %#ʹอଘ͢Δͱ͖ʹ҉߸Խ͞Εͯอଘ͞ΕΔ – ΞϓϦέʔγϣϯɿฏจͱͯ͠ѻ͑Δɺ%#ɿ҉߸จͱͯ͠อଘ͞ΕΔ class PersonalInfo < ApplicationRecord encrypts :first_name encrypts :last_name end
©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷհr֓ཁͱ؆୯ͳ͍ํͷ͝հ • ҉߸ݤଐੑ͝ͱʹจࣈྻΧελϜΩʔϓϩόΠμΛࢦఆՄೳ class PersonalInfo
< ApplicationRecord encrypts :first_name, key: "some secret key for personal_info" encrypts :last_name, key_provider: PersonalInfoKeyProvider.new end • ܾఆత҉߸ԽΛ͑ݕࡧՄೳ class PersonalInfo < ApplicationRecord encrypts :first_name, deterministic: true encrypts :last_name, deterministic: true end
©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷհrʲ҉߸ԽΛ͢Δࡍʹߟྀ͖͢ϙΠϯτʳʹরΒ͠߹ΘͤΔͱ • ݤͷཧํ – config/credentials.yml.enc ʹهࡌ
– ΧελϜΩʔϓϩόΠμΛ͑ϓϩάϥϜతʹऔಘՄೳʢྫɿ,.4 4FDSFU.BOBHFS ʣ • ҉߸Խͷ୯Ґ – σϑΥϧτͰ୯ҰͷݤͰͯ͢ͷରσʔλΛ҉߸Խ – ΧελϜΩʔϓϩόΠμΛ͑ɺΫϥεʢςʔϒϧʣ͝ͱʹ͚Δ͜ͱՄೳ • ݕࡧੑೳ – σϑΥϧτͰඇܾఆత҉߸ԽʢݕࡧෆՄೳʣ – ܾఆత҉߸ԽϞʔυʹ͢ΕݕࡧՄೳ ݤͷཧํ ҉߸Խͷ୯Ґ ݕࡧੑೳ
©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͰ࣮ݱͮ͠Β͍ཁ݅rۚ༥ػؔΛྫʹ • ݤͷཧํ – ਓ͕ؒཧͨ͘͠ͳ͍ –
ʢ͜͜"DUJWF3FDPSE&ODSZQUJPOͰ࣮ݱͰ͖Δʣ • ҉߸Խͷ୯Ґ – ձࣾͦͷͷͷੑ࣭ˍѻ͏σʔλͷॏཁੑ͔ΒɺϨίʔυ͝ͱʹҟͳΔ҉߸ݤΛ͍͍ͨ • ݸਓใ • ϚΠφϯόʔʢҰ࣌తʣ • ຊਓ֬ೝॻྨը૾ʢ໔ڐূͳͲʣ • ʢΫϨδοτΧʔυ൪߸ʣ • ݕࡧੑೳ – ͓٬༷͔Βͷ͍߹Θ͕ͤ͋ͬͨͱ͖ʹɺຊਓ֬ೝͷͨΊʹҰఆ߲Ͱͷݕࡧඞཁ • ໊લͱੜ݄ • ॅॴ ݤͷཧํ ҉߸Խͷ୯Ґ ݕࡧੑೳ
©2024 Bloomo Securities Inc. ֤छ҉߸Խख๏͝հrattr_encryptedͱlockbox • 3BJMT✕҉߸ԽͰҰ൪ྺ࢙͕ݹ͍ – "DUJWF3FDPSE&ODSZQUJPOҎલ͔Β͋Δ –
'JSTUSFMFBTF • ଟ͘ͷࢀߟจݙ͕͋Δ • খྛ͕ࣗੲ͔Βͬͯͨܦݧ͕͋Δ • attr_encrypted ͷݱ൛తͳҐஔ͚ͮ • ͍ํ"DUJWF3FDPSE&ODSZQUJPOattr_encryptedͱ͍͍ͩͨಉ͡ • "DUJWF3FDPSE&ODSZQUJPOΑΓগ͚ͩ͠લʹॳظϦϦʔε – "DUJWF3FDPSE&ODSZQUJPO 3BJMT – lockboxGJSTUSFMFBTF attr_enctypted lockbox
©2024 Bloomo Securities Inc. attr_encryptedΛ࣮ͬͨྫr҉߸ݤͷཧํͷΦϓγϣϯ ڥมʹฏจͷ҉߸ݤΛஔ͘ – Ұ൪γϯϓϧͰ؆୯͕ͩ੬ऑ
4FDSFU.BOBHFSͳͲΞϓϦέʔγϣϯαʔόͷ֎ʹฏจͷ҉߸ݤΛஔ͘ – 👆ΑΓ҆શ͕ͩґવͱͯ͠ਓ͕ؒཧ͢Δඞཁ͕͋Δ 3BJMTͷ&ODZQUFE$SFEFOUJBMTΛ͏ – credentials.yml.encΛෳ߹͢Δݤʢmaster.keyʣΛͲ͏͢Δ͔ͱ͍͏ݦࡏ – ͬͺΓਓ͕ؒཧ͢Δඞཁ͕͋Δ ,FZ.BOBHFNFOU4FSJWDFΛ͔ͭ͏ – "84 ($1 "[VSFͳͲɺΫϥυϓϩόΠμͳΒجຊతʹఏڙͯ͠Δ
©2024 Bloomo Securities Inc. attr_encryptedΛ࣮ͬͨྫr,FZ.BOBHFNFOU4FSWJDFͱʢ"84Λྫʹʣ • $VTUPNFS.BTUFS,FZʢ$.,ʣΛࢦఆͯ͠ɺEBUBLFZʢ৽͍͠҉߸ݤʣΛཁٻ͢Δ – "
• ҎԼͷͷ͕,.4͔Βฦͬͯ͘Δ – "ฏจͷ҉߸ݤ – #"͕҉߸Խ͞Εͨͷ • ҉߸Խɿ"Ͱ҉߸Խͯ͠ɺͦΕফڈɻ#Λ%#ͳͲʹอଘ͓ͯ͘͠ɻ • ෮߸Խɿ#Λ,.4ʹ͚͛ͭΔͱ෮߸Խͯ͠ฦͯ͘͠ΕΔʢ"ΛಘΒΕΔʣͷͰɺσʔλຊମ Λ"Ͱ෮߸Խ͢Δ CMK has_many :data_keys
©2024 Bloomo Securities Inc. attr_encryptedΛ࣮ͬͨྫr,.4ΛͬͨϨίʔυ͝ͱͷ҉߸Խ࣮ྫ ,.4͔Βऔಘͨ͠ʲ҉߸Խ͞Εͨ҉߸ݤ #
ʳΛอଘ͢ΔͨΊͷΧϥϜ encrypted_data_keyΛ҉߸ԽରΫϥεʢςʔϒϧʣʹՃ ԼهͷΑ͏ͳϝιουΛͭmoduleΛఆٛ module KmsKey def data_key kms_client = Aws::KMS::Client.new(region: aws_region) if self.encrypted_data_key kms_client.decrypt(ciphertext_blob: self.encrypted_data_key) else resp = kms_client.generate_data_key( key_id: Rails.application.config.x.common['kms_cmk_id’], key_spec: 'AES_256’, ) self.encrypted_data_key = resp.ciphertext_blob resp.plaintext end end
©2024 Bloomo Securities Inc. attr_encryptedΛ࣮ͬͨྫr,.4ΛͬͨϨίʔυ͝ͱͷ҉߸Խ࣮ྫ ҉߸ԽରϑΟʔϧυΛఆٛ class
PersonalInfo < ApplicationRecord include KmsKey attr_encrypted :first_name, key: :data_key, algorithm: 'aes-256-gcm’ attr_encrypted :last_name, key: :data_key, algorithm: 'aes-256-gcm'
©2024 Bloomo Securities Inc. attr_encryptedΛ࣮ͬͨྫr,.4ΛͬͨϨίʔυ͝ͱͷ҉߸Խ࣮ྫ Ϩίʔυ͝ͱʹ҉߸ݤΛม͑ͭͭɺಁաతʹѻ͑ΔΑ͏ʹͳΔ personal_info.first_name
= ”ϊΤϧ” personal_info.last_name = “খྛ” personal_info.save! personal_info = PersonalInfo.find(1) puts personal_info.first_name # => “ϊΤϧ” puts personal_info.last_name # => “খྛ”
©2024 Bloomo Securities Inc. attr_encryptedΛ࣮ͬͨྫrΞοϓϩʔυը૾ͷ҉߸Խ class IdDocumentImage < ApplicationRecord
include KmsKey mount_uploader :uploader, IdDocumentImageUploader before_save :encrypt_file! def encrypt_file! iv = Cipher.generate_iv self.uploader_iv = Base64.strict_encode64(iv) cipher = Cipher.new(key: data_key, cipher_iv: iv) resp = cipher.encrypt(value: uploader.file.read) File.binwrite(uploader.file.path, resp) end • DBSSJFSXBWFΛྫʹ͝հ • Ϩίʔυ͝ͱʹ҉߸ݤΛม͑ͭͭɺΞοϓϩʔυը૾ͦͷͷ҉߸Խͯ͠อଘ
©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷհr҉߸Խͭͭ͠ݕࡧՄೳʹ͢ΔΦϓγϣϯ ܾఆత҉߸ԽΛ͏ – "DUJWF3FDPSE&ODSZQUJPO͕࠾༻͍ͯ͠Δํ –
ಉ͡҉߸ԽݤͰ҉߸Խ͍ͯ͠Δσʔλ܊ʹରͯ͠Մೳͳख๏ &MBTUJD4FBSDIͳͲͷݕࡧϞδϡʔϧΛ༻ҙ͠ɺͦ͜ʹฏจͷσʔλΛ֨ೲ͢Δ – &MBTUJD4FBSDIΞϓϦέʔγϣϯαʔό͔ΒͷΈΞΫηεՄೳͰɺܦ࿏ྖҬ҆શͱ ͍͏લఏ ݕࡧ࣌ΞϓϦέʔγϣϯαʔόͰҰׅෳ߹ͯ͠ɺίʔυ্Ͱݕࡧ͢Δ – PersonalInfo.all.eachΈ͍ͨʹ͢ΔΠϝʔδ ݕࡧ༻ʹରϑΟʔϧυʢࢯ໊ɺॅॴͳͲʣͷϋογϡΛผςʔϒϧʹอଘ͢Δ – શҰகͷݕࡧͷΈՄೳ
©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷհr҉߸ԽରσʔλΛอଘͭͭ͠ݕࡧ༻)BTIΛ࡞͢Δྫ class PersonalInfoHash < ApplicationRecord
belongs_to :personal_info end class PersonalInfo < ApplicationRecord include KmsKey …… has_many :personal_info_hashes • PersonalInfoHashϞσϧʢςʔϒϧʣΛఆٛ – key: string – value: string
©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷհr҉߸ԽରσʔλΛอଘͭͭ͠ݕࡧ༻)BTIΛ࡞͢Δྫ class PersonalInfo < ApplicationRecord
after_save :save_hashes def save_hashes save_name_hash save_tel_hash ... end def save_name_hash raw_value = last_name + first_name pi_hash = personal_info_hashes.find_or_initialize_by(key: 'last_name_and_first_name’) pi_hash.value = BCrypt::Engine.hash_secret(raw_value, ENV['HASH_SALT’]) pi_hash.save! end • after_save ͱ͔ͰPersonalInfo ͷϨίʔυͱҰॹʹ࡞Δ • ҉߸ֶత)BTIؔͱΓ͋͑ͣBcrypt͓͚ͬͯྑͦ͞͏
©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷհr҉߸ԽରσʔλΛอଘͭͭ͠ݕࡧ༻)BTIΛ࡞͢Δྫ hash_value = BCrypt::Engine.hash_secret(searching_value, ENV['HASH_SALT’])
personal_infos = PersonalInfoHash .where(key: 'last_name_and_first_name', hash_value: hash_value) .map(&:personal_info) • ݕࡧ͢Δͱ͖ݕࡧϫʔυͷϋογϡΛܭࢉͯ͠ݕࡧ
©2024 Bloomo Securities Inc. ·ͱΊ Ұׅ҉߸Խ ςʔϒϧ͝ͱʹ҉߸Խ Ϩίʔυ͝ͱʹ҉߸Խ ڥม 4FDSFU.BOBHFS
DSFEFOUJMBTZNMFOD ,.4 ܾఆత҉߸ԽʹΑΔݕࡧ &MBTUJD4FBSDI ۪ݕࡧ ϋογϡԽʹΑΔݕࡧ "DUJWF3FDPSE&ODSZQUJPO attr_encrypted lockbox ॳظϦϦʔε 3BJMT ఏڙݩ CVJMUJO HFN HFN σϑΥϧτͷ͍ํ ΧελϚΠζ͢ΕͰ͖Δ • ࠓճ͝հͨ͠ํ๏Λಛੑ͝ͱʹ·ͱΊ·͢ ҉߸Խͷ ୯Ґ ҉߸ݤͷ ཧ ݕࡧख๏
©2024 Bloomo Securities Inc. ·ͱΊr"DUJWF3FDPSE&ODSZQUJPO Ұׅ҉߸Խ ςʔϒϧ͝ͱʹ҉߸Խ Ϩίʔυ͝ͱʹ҉߸Խ ڥม 4FDSFU.BOBHFS
DSFEFOUJMBTZNMFOD ,.4 ܾఆత҉߸ԽʹΑΔݕࡧ &MBTUJD4FBSDI ۪ݕࡧ ϋογϡԽʹΑΔݕࡧ "DUJWF3FDPSE&ODSZQUJPO attr_encrypted lockbox ॳظϦϦʔε 3BJMT ఏڙݩ CVJMUJO HFN HFN σϑΥϧτͷ͍ํ ΧελϚΠζ͢ΕͰ͖Δ • େͷཁ݅ຬͨͤΔ • ಋೖͷෑډ͍ – config.active_record.encryption.support_unencrypted_data = true ҉߸Խͷ ୯Ґ ҉߸ݤͷ ཧ ݕࡧख๏
©2024 Bloomo Securities Inc. ·ͱΊrBUUS@FODSZQUFEMPDLCPY Ұׅ҉߸Խ ςʔϒϧ͝ͱʹ҉߸Խ Ϩίʔυ͝ͱʹ҉߸Խ ܾఆత҉߸ԽʹΑΔݕࡧ &MBTUJD4FBSDI
۪ݕࡧ ϋογϡԽʹΑΔݕࡧ "DUJWF3FDPSE&ODSZQUJPO attr_encrypted lockbox ॳظϦϦʔε 3BJMT ఏڙݩ CVJMUJO HFN HFN σϑΥϧτͷ͍ํ ΧελϚΠζ͢ΕͰ͖Δ • "DUJWF3FDPSE&ODSZQUJPOͰཁ͕݅ຬͨͤͳ͍߹ʢϨίʔυ͝ͱ҉߸ԽͳͲʣʹݕ౼ • ,.4ར༻ kms_encrypted ɺϋογϡԽݕࡧ blind_index ผͷgem͕͋Δ • ৽نҊ݅ͳΒlockboxɺطଘίʔυΛ͍·Θ͍ͨ͠߹attr_encrypted ҉߸Խͷ ୯Ґ ҉߸ݤͷ ཧ ݕࡧख๏ ڥม 4FDSFU.BOBHFS DSFEFOUJMBTZNMFOD ,.4
©2024 Bloomo Securities Inc. Ұॹʹ#MPPNPͷαʔϏε։ൃΛ ͯ͘͠ΕΔؒΛืूதʂ https://careers.bloomo.co.jp/ 8FBSF)JSJOH