大事なデータを守りたい！ActiveRecord Encryptionと、より安全かつ検索可能な暗号化手法の実装例の紹介

Transcript

1. ブルーモ証券株式会社 ©2024 Bloomo Securities Inc. େࣄͳσʔλΛकΓ͍ͨʂ "DUJWF3FDPSE
   &ODSZQUJPOͱɺ ΑΓ҆શ͔ͭݕࡧՄೳͳ ҉߸Խख๏ͷ࣮૷ྫͷ঺հ ,BJHJ
   PO
   3BJMT
   
   %BZ!)BMM
   #MVF

   খྛޛ࢙ OPFM  4BU

2. ©2024 Bloomo Securities Inc. • খྛ
   ޛ࢙ʢখྛ
   ϊΤϧʣ • ϒϧʔϞূ݊גࣜձࣾ
   औక໾$50 • 0NPUFTBOEPSC

   
   3PQQPOHJSC
   4IJOKVLVSCͱ͔ʹΑ͍͘· ͢ • ཱྀߦɾੈքͷίϫʔΩϯάεϖʔεΊ͙Γʢϫʔέʔγϣϯ తͳԿ͔ʣ͕޷͖ • झຯͰʲ੓࣏ࢿۚσʔλϕʔεʳΛ։ൃͯ͠·͢ ޷͖ͳόϯυ • -`"SDdFOd$JFM
   1*&3305 THE FARM@NY CARR WORKPLACE@Chicago @free_world21

3. ©2024 Bloomo Securities Inc. *OEFY 
   
   
   ձࣾ঺հˍഎܠ঺հ 
   
   
   ͦ΋ͦ΋҉߸Խͱ͸ʁ 
   
   
   "DUJWF3FDPSE
   &ODSZQUJPOͷ঺հ 
   
   
   "DUJWF3FDPSE
   &ODSZQUJPOͰ͸࣮ݱͮ͠Β͍ཁ݅ͷྫ 
   
   
   ֤छ҉߸Խख๏͝঺հ

   
   
   attr_encrypted
   Λ࢖࣮ͬͨ૷ྫ 
   
   
   ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷ঺հ 
   
   
   ·ͱΊ • ࿩͞ͳ͍͜ͱɿ҉߸ԽΞϧΰϦζϜͱ͔ൿີܭࢉɾݕࡧͱ͔ • ର৅ऀɿ։ൃ͍ͯ͠Δ3BJMTΞϓϦͷσʔλ҉߸Խʹڵຯ͕͋Δਓ • ໨తɿ"DUJWF3FDPSE
   &ODSZQUJPO
   BUUS@FODSZQUFE
   MPDLCPYͷ֓ཁͱ͔͍ͭͲ͜ΖΛཧղ͢Δ͜ͱ • ൃදࢿྉ͸ޙ΄Ͳެ։͠·͢

4. ©2024 Bloomo Securities Inc. 
   ձࣾ঺հˍഎܠ঺հ
   r
   ϓϩμΫτ ถࠃגࢿ࢈ӡ༻ΞϓϦ#MPPNPΛఏڙதʂ ίϐϖͰʮόϑΣοτ౤ࢿʯ
   εϚϗ׬݁Ͱएऀ΋ؾܰʹ :065)
   '*/"/$&ᶃ

5. ©2024 Bloomo Securities Inc. 
   ձࣾ঺հˍഎܠ঺հ
   r
   ϓϩμΫτػೳ ϙʔτϑΥϦΦػೳͰɺߴ౓ͳࢿ࢈ӡ༻ͷϋʔυϧΛԼ͍͛ͯΔ ϙʔτϑΥϦΦ౤ࢿػೳ ڞ༗ɾίϐʔػೳ ถࠃגɾ&5'Ͱཧ૝ͷϙʔτϑΥϦΦΛ࡞੒ͨ͠Βɺ ྆ସ΍ങ෇͸ϒϧʔϞ͕ࣗಈࣥߦͯ͘͠ΕΔɻ

   ෳ਺໏ฑ΁ͷ෼ࢄ౤ࢿ͕खؒͳ࣮͘ݱͰ͖Δ ʢϢʔβʔͷอ༗໏ฑ਺͸Ҏ্ʢ೔ຊฏۉͷഒఔ౓ʣʣ ॳ৺ऀͰ΋ϙʔτϑΥϦΦ࡞੒͕Մೳʹ ʢϢʔβʔͷׂҎ্͕ίϐʔ͔Β։࢝ʣ ઐ໳Ո΍ଞͷϢʔβʔͷϙʔτϑΥϦΦΛݟͯɺ ϫϯλοϓͰίϐʔͰ͖Δɻ

6. ©2024 Bloomo Securities Inc. 
   ձࣾ঺հˍഎܠ঺հ
   r
   ૑ۀ͔Β͜Ε·ͰͷาΈ  ݄  ݄ 

   ݄  ݄  ݄  ݄ ૑ۀ ূ݊ձࣾ ϥΠηϯεऔಘ ਖ਼ࣜϦϦʔε ʢҰൠެ։ʣ γʔυϥ΢ϯυ ԯԁௐୡ ট଴੍ϦϦʔε /*4"ޱ࠲ ఏڙ։࢝ ೥ͿΓͷূ݊ձࣾελʔτΞοϓͱ্ཱ͕ͯͪͬͨ͠ 個別株を取扱う証券会社スタートアップとしては、Finatext・FOLIO以来の存在。史上最速ペースで⾦商1種（証券会社） ライセンス取得・プロダクトリリースを続けてきた。

7. ©2024 Bloomo Securities Inc. 
   ձࣾ঺հˍഎܠ঺հ
   r
   ૑ۀ͔Β͜Ε·ͰͷาΈ  ݄  ݄ 

   ݄  ݄  ݄  ݄ ૑ۀ ূ݊ձࣾ ϥΠηϯεऔಘ ਖ਼ࣜϦϦʔε ʢҰൠެ։ʣ γʔυϥ΢ϯυ ԯԁௐୡ ট଴੍ϦϦʔε /*4"ޱ࠲ ఏڙ։࢝ ೥ͿΓͷূ݊ձࣾελʔτΞοϓͱ্ཱ͕ͯͪͬͨ͠ 個別株を取扱う証券会社スタートアップとしては、Finatext・FOLIO以来の存在。史上最速ペースで⾦商1種（証券会社） ライセンス取得・プロダクトリリースを続けてきた。 ূ݊ձࣾͱͯ͠ͷ rails new .

8. ©2024 Bloomo Securities Inc. 
   ձࣾ঺հˍഎܠ঺հ
   r
   ૑ۀ͔Β͜Ε·ͰͷาΈ  ݄  ݄ 

   ݄  ݄  ݄  ݄ ૑ۀ ূ݊ձࣾ ϥΠηϯεऔಘ ਖ਼ࣜϦϦʔε ʢҰൠެ։ʣ γʔυϥ΢ϯυ ԯԁௐୡ ট଴੍ϦϦʔε /*4"ޱ࠲ ఏڙ։࢝ ೥ͿΓͷূ݊ձࣾελʔτΞοϓͱ্ཱ͕ͯͪͬͨ͠ 個別株を取扱う証券会社スタートアップとしては、Finatext・FOLIO以来の存在。史上最速ペースで⾦商1種（証券会社） ライセンス取得・プロダクトリリースを続けてきた。 ূ݊ձࣾͱͯ͠ͷ rails new .

9. ©2024 Bloomo Securities Inc. 
   ձࣾ঺հˍഎܠ঺հ
   r
   ূ݊γεςϜΛ࡞Δ͏͑Ͱ • Կ͔גΛങ͏ͨΊʹ͸ূ݊ձࣾͷޱ࠲Λͭ͘Βͳ͚Ε͹͍͚ͳ͍ • ূ݊ձࣾʢͷγεςϜʣΛ࡞ΔͨΊʹ͸༷ʑͳཁ݅ʢ๏཯ͳͲʣΛकΒͳ͚Ε͹͍͚ͳ͍ •

   ηΩϡϦςΟʔपΓʹ΋ΑΓؾΛ࢖͏ඞཁ͕͋Δ • αΠόʔ߈ܸͳͲΛؚΉɺ৘ใηΩϡϦςΟʹؔ͢ΔڴҖ͕΋ͷ͍͢͝੎͍Ͱڧ·͍ͬͯΔ – ૬͙࣍ݸਓ৘ใྲྀग़ – ϥϯαϜ΢ΣΞʹΑΔඃ֐ʢχίχίಈըʣ ͓٬༷ʢ࢖͏ଆʣ໨ઢ ΤϯδχΞʢ࡞Δଆʣ໨ઢ

10. ©2024 Bloomo Securities Inc. 
    
    ͦ΋ͦ΋҉߸Խͱ͸ʁ
    
    ҉߸ԽͱϋογϡԽ “小林ノエル” “m6mlF70S3Qoqt86hyUJzWxhwW6JYgyXgBPPJHrhvVAGQ” “$2a$10$aBy67z2lE8O/OO/Xfnr7ZO6sQCP948cWDM/9Mi fMGR5472nkfqGUW” “小林ノエル”

    ҉߸Խ ϋογϡԽ • σʔλΛಛఆͷ҉߸ݤΛ࢖ͬͯม׵͠ɺਖ਼͍͠ݤ͕ͳ͍ͱݩʹ໭ͤͳ͍Α͏ʹ͢Δॲཧ • σʔλͷػີੑΛอޢ͢ΔͨΊʹ࢖ΘΕΔ • σʔλΛҰํ޲ͷݻఆ௕ͷ஋ʹม׵͢Δ͜ͱͰɺݩͷσʔλʹ໭ͤͳ͍Α͏ʹ͢Δॲཧ • ओʹσʔλͷ੔߹ੑΛ֬ೝ͢ΔͨΊʹ࢖ΘΕΔ 🔑 ฏจ ҉߸จ ݩσʔλ ϋογϡ஋

11. ©2024 Bloomo Securities Inc. 
    
    ͦ΋ͦ΋҉߸Խͱ͸ʁ
    
    ͳͥ҉߸Խ͢Δͷ͔ • ೖޱରࡦɾ಺෦ରࡦɾग़ޱରࡦͷ͏ͪɺ಺෦ରࡦͷ͏ͪͷͭ – ೖޱରࡦ •

    ϑΝΠΞ΢ΥʔϧɾϑΟϧλʔ • ଟཁૉೝূɺ71/ͳͲ – ಺෦ରࡦ • σʔλ҉߸Խ • ϩά؂ࢹ – ग़ޱରࡦ • ௨৴Ͱ͖Δܦ࿏ΛߜΔ • ֎෦σόΠε΁ͷσʔλॻ͖ࠐΈ੍ݶ • Կ͔σʔλ͕ྲྀग़ͨ͠ͱ͖ͷඃ֐Λ཈͑ΔͨΊͷख๏

12. ©2024 Bloomo Securities Inc. 
    
    ͦ΋ͦ΋҉߸Խͱ͸
    r
    ҉߸ԽΛ͢Δࡍʹߟྀ͢΂͖ϙΠϯτ • ҉߸ԽͷΞϧΰϦζϜ – %&4
    "&4

    
    34"
    &$$
    ʜ – ΄ͱΜͲͷ৔߹ϑϨʔϜϫʔΫ΍ϥΠϒϥϦͷσϑΥϧτʢਪ঑ʣͷ΋ͷΛ࢖͑͹0, • ຊ೔ͷ͓࿩ͷείʔϓ֎ • ݤͷ؅ཧํ਑ – ҉߸ݤΛͲ͜ʹ͓͍ͯ୭͕؅ཧ͢Δͷ͔ʁ • ҉߸Խͷ୯Ґ – ͲͷΑ͏ͳ୯ҐͰ҉߸Խ͢Δ͔ • ΞϓϦέʔγϣϯ͢΂ͯΛͭͷݤͰҰׅ҉߸Խ • ͋Δఔ౓·ͱ·ͬͨ୯Ґʢςʔϒϧ͝ͱͱ͔ʣͰ҉߸ݤΛΘ͚Δ • Ϩίʔυ͝ͱʹ҉߸ݤΛΘ͚Δ • ݕࡧੑೳ – ҉߸Խͨ͠σʔλΛ
    %#
    ʹೖΕΔͱଟ͘ͷ৔߹Ͱݕࡧ͕Ͱ͖ͳ͘ͳΔ – ඞཁʹԠͯ͡ΞϓϦέʔγϣϯϨΠϠͰݕࡧػೳΛ࣮૷͢Δඞཁ͕͋Δ ݤͷ؅ཧํ਑ ҉߸Խͷ୯Ґ ݕࡧੑೳ

13. ©2024 Bloomo Securities Inc. 
    
    "DUJWF3FDPSE
    &ODSZQUJPOͷ঺հ
    r
    ֓ཁͱ؆୯ͳ࢖͍ํͷ͝঺հ
     • 3BJMT "DUJWF3FDPSE
    ʹ૊Έࠐ·Ε͍ͯΔ҉߸Խػߏ

    – %#ʹอଘ͢Δͱ͖ʹ҉߸Խ͞Εͯอଘ͞ΕΔ – ΞϓϦέʔγϣϯ૚ɿฏจͱͯ͠ѻ͑Δɺ%#૚ɿ҉߸จͱͯ͠อଘ͞ΕΔ $ rails db:encryption:init Add this entry to the credentials of the target environment: active_record_encryption: primary_key: azc7QkZYSg9ll01TjBNpnURUnF42gt1s deterministic_key: U987a4KAnhfA5oAQrLY7pYaTqysIYqqE key_derivation_salt: puoi8lJbvyM4FQErFYJ26BFuE1OJLHtf secret_key_base: hogehogefugafuga…… active_record_encryption: primary_key: azc7QkZYSg9ll01TjBNpnURUnF42gt1s deterministic_key: U987a4KAnhfA5oAQrLY7pYaTqysIYqqE key_derivation_salt: puoi8lJbvyM4FQErFYJ26BFuE1OJLHtf config/credentials.yml.enc にそのままコピペ

14. ©2024 Bloomo Securities Inc. 
    
    "DUJWF3FDPSE
    &ODSZQUJPOͷ঺հ
    r
    ֓ཁͱ؆୯ͳ࢖͍ํͷ͝঺հ
     • 3BJMT "DUJWF3FDPSE
    ʹ૊Έࠐ·Ε͍ͯΔ҉߸Խػߏ

    – %#ʹอଘ͢Δͱ͖ʹ҉߸Խ͞Εͯอଘ͞ΕΔ – ΞϓϦέʔγϣϯ૚ɿฏจͱͯ͠ѻ͑Δɺ%#૚ɿ҉߸จͱͯ͠อଘ͞ΕΔ class PersonalInfo < ApplicationRecord encrypts :first_name encrypts :last_name end

15. ©2024 Bloomo Securities Inc. 
    
    "DUJWF3FDPSE
    &ODSZQUJPOͷ঺հ
    r
    ֓ཁͱ؆୯ͳ࢖͍ํͷ͝঺հ
     • ҉߸ݤ͸ଐੑ͝ͱʹจࣈྻ΍ΧελϜΩʔϓϩόΠμΛࢦఆՄೳ class PersonalInfo

    < ApplicationRecord encrypts :first_name, key: "some secret key for personal_info" encrypts :last_name, key_provider: PersonalInfoKeyProvider.new end • ܾఆ࿦త҉߸ԽΛ࢖͑͹ݕࡧ΋Մೳ class PersonalInfo < ApplicationRecord encrypts :first_name, deterministic: true encrypts :last_name, deterministic: true end

16. ©2024 Bloomo Securities Inc. 
    
    "DUJWF3FDPSE
    &ODSZQUJPOͷ঺հ
    r
    ʲ҉߸ԽΛ͢Δࡍʹߟྀ͢΂͖ϙΠϯτʳʹরΒ͠߹ΘͤΔͱ • ݤͷ؅ཧํ਑ – config/credentials.yml.enc ʹهࡌ

    – ΧελϜΩʔϓϩόΠμΛ࢖͑͹ϓϩάϥϜతʹऔಘՄೳʢྫɿ,.4
    4FDSFU.BOBHFS ౳ʣ • ҉߸Խͷ୯Ґ – σϑΥϧτͰ͸୯ҰͷݤͰ͢΂ͯͷର৅σʔλΛ҉߸Խ – ΧελϜΩʔϓϩόΠμΛ࢖͑͹ɺΫϥεʢςʔϒϧʣ͝ͱʹ෼͚Δ͜ͱ΋Մೳ • ݕࡧੑೳ – σϑΥϧτͰ͸ඇܾఆ࿦త҉߸ԽʢݕࡧෆՄೳʣ – ܾఆ࿦త҉߸ԽϞʔυʹ͢Ε͹ݕࡧՄೳ ݤͷ؅ཧํ਑ ҉߸Խͷ୯Ґ ݕࡧੑೳ

17. ©2024 Bloomo Securities Inc. 
    
    "DUJWF3FDPSE
    &ODSZQUJPOͰ͸࣮ݱͮ͠Β͍ཁ݅
    r
    ۚ༥ػؔΛྫʹ • ݤͷ؅ཧํ਑ – ਓ͕ؒ؅ཧͨ͘͠ͳ͍ –

    ʢ͜͜͸
    "DUJWF3FDPSE
    &ODSZQUJPO
    Ͱ΋࣮ݱͰ͖Δʣ • ҉߸Խͷ୯Ґ – ձࣾͦͷ΋ͷͷੑ࣭ˍѻ͏σʔλͷॏཁੑ͔ΒɺϨίʔυ͝ͱʹҟͳΔ҉߸ݤΛ࢖͍͍ͨ • ݸਓ৘ใ • ϚΠφϯόʔʢҰ࣌తʣ • ຊਓ֬ೝॻྨը૾ʢ໔ڐূͳͲʣ • ʢΫϨδοτΧʔυ൪߸ʣ • ݕࡧੑೳ – ͓٬༷͔Βͷ໰͍߹Θ͕ͤ͋ͬͨͱ͖ʹɺຊਓ֬ೝͷͨΊʹҰఆ߲໨Ͱͷݕࡧ͸ඞཁ • ໊લͱੜ೥݄೔ • ॅॴ ݤͷ؅ཧํ਑ ҉߸Խͷ୯Ґ ݕࡧੑೳ

18. ©2024 Bloomo Securities Inc. 
    
    ֤छ҉߸Խख๏͝঺հ
    r
    attr_encrypted
    ͱ
    lockbox • 3BJMT
    ✕
    ҉߸ԽͰ͸Ұ൪ྺ࢙͕ݹ͍ – "DUJWF3FDPSE
    &ODSZQUJPOҎલ͔Β͋Δ –

    'JSTU
    SFMFBTF
     • ଟ͘ͷࢀߟจݙ͕͋Δ • খྛࣗ਎͕ੲ͔Β࢖ͬͯͨܦݧ͕͋Δ • attr_encrypted ͷݱ୅൛తͳҐஔ͚ͮ • ࢖͍ํ͸"DUJWF3FDPSE
    &ODSZQUJPO΍attr_encryptedͱ͍͍ͩͨಉ͡ • "DUJWF3FDPSE
    &ODSZQUJPOΑΓগ͚ͩ͠લʹॳظϦϦʔε – "DUJWF3FDPSE
    &ODSZQUJPO
    3BJMT
     
     – lockbox
    GJSTU
    SFMFBTF
     attr_enctypted lockbox

19. ©2024 Bloomo Securities Inc. 
    attr_encrypted
    Λ࢖࣮ͬͨ૷ྫ
    r
    ҉߸ݤͷ؅ཧํ਑ͷΦϓγϣϯ  ؀ڥม਺ʹฏจͷ҉߸ݤΛஔ͘ – Ұ൪γϯϓϧͰ؆୯͕ͩ੬ऑ

     4FDSFU
    .BOBHFS
    ͳͲΞϓϦέʔγϣϯαʔόͷ֎ʹฏจͷ҉߸ݤΛஔ͘ – 👆ΑΓ͸҆શ͕ͩґવͱͯ͠ਓ͕ؒ؅ཧ͢Δඞཁ͕͋Δ  3BJMT
    ͷ
    &ODZQUFE
    $SFEFOUJBMT
    Λ࢖͏ – credentials.yml.enc
    Λෳ߹͢Δݤʢmaster.keyʣΛͲ͏͢Δ͔ͱ͍͏໰୊͸ݦࡏ – ΍ͬͺΓਓ͕ؒ؅ཧ͢Δඞཁ͕͋Δ  ,FZ
    .BOBHFNFOU
    4FSJWDFΛ͔ͭ͏ – "84
    ($1
    "[VSF
    ͳͲɺΫϥ΢υϓϩόΠμͳΒجຊతʹ͸ఏڙͯ͠Δ

20. ©2024 Bloomo Securities Inc. 
    attr_encrypted
    Λ࢖࣮ͬͨ૷ྫ
    r
    ,FZ
    .BOBHFNFOU
    4FSWJDF
    ͱ͸ʢ"84Λྫʹʣ • $VTUPNFS
    .BTUFS
    ,FZʢ$.,ʣΛࢦఆͯ͠ɺEBUB
    LFZʢ৽͍͠҉߸ݤʣΛཁٻ͢Δ – "

    • ҎԼͷ΋ͷ͕,.4͔Βฦͬͯ͘Δ – "
    ฏจͷ҉߸ݤ – #
    "͕҉߸Խ͞Εͨ΋ͷ • ҉߸Խɿ"Ͱ҉߸Խͯ͠ɺͦΕ͸ফڈɻ#Λ%#ͳͲʹอଘ͓ͯ͘͠ɻ • ෮߸Խɿ#Λ,.4ʹ౤͚͛ͭΔͱ෮߸Խͯ͠ฦͯ͘͠ΕΔʢ"ΛಘΒΕΔʣͷͰɺσʔλຊମ Λ"Ͱ෮߸Խ͢Δ CMK has_many :data_keys

21. ©2024 Bloomo Securities Inc. 
    attr_encrypted
    Λ࢖࣮ͬͨ૷ྫ
    r
    ,.4Λ࢖ͬͨϨίʔυ͝ͱͷ҉߸Խ࣮૷ྫ
      ,.4͔Βऔಘͨ͠ʲ҉߸Խ͞Εͨ҉߸ݤ #

    ʳΛอଘ͢ΔͨΊͷΧϥϜ
    encrypted_data_key
    Λ҉߸Խର৅Ϋϥεʢςʔϒϧʣʹ௥Ճ  ԼهͷΑ͏ͳϝιουΛ΋ͭ
    module
    Λఆٛ module KmsKey def data_key kms_client = Aws::KMS::Client.new(region: aws_region) if self.encrypted_data_key kms_client.decrypt(ciphertext_blob: self.encrypted_data_key) else resp = kms_client.generate_data_key( key_id: Rails.application.config.x.common['kms_cmk_id’], key_spec: 'AES_256’, ) self.encrypted_data_key = resp.ciphertext_blob resp.plaintext end end

22. ©2024 Bloomo Securities Inc. 
    attr_encrypted
    Λ࢖࣮ͬͨ૷ྫ
    r
    ,.4Λ࢖ͬͨϨίʔυ͝ͱͷ҉߸Խ࣮૷ྫ
      ҉߸Խର৅ϑΟʔϧυΛఆٛ class

    PersonalInfo < ApplicationRecord include KmsKey attr_encrypted :first_name, key: :data_key, algorithm: 'aes-256-gcm’ attr_encrypted :last_name, key: :data_key, algorithm: 'aes-256-gcm'

23. ©2024 Bloomo Securities Inc. 
    attr_encrypted
    Λ࢖࣮ͬͨ૷ྫ
    r
    ,.4Λ࢖ͬͨϨίʔυ͝ͱͷ҉߸Խ࣮૷ྫ
      Ϩίʔυ͝ͱʹ҉߸ݤΛม͑ͭͭɺಁաతʹѻ͑ΔΑ͏ʹͳΔ personal_info.first_name

    = ”ϊΤϧ” personal_info.last_name = “খྛ” personal_info.save! personal_info = PersonalInfo.find(1) puts personal_info.first_name # => “ϊΤϧ” puts personal_info.last_name # => “খྛ”

24. ©2024 Bloomo Securities Inc. 
    attr_encrypted
    Λ࢖࣮ͬͨ૷ྫ
    r
    Ξοϓϩʔυը૾ͷ҉߸Խ class IdDocumentImage < ApplicationRecord

    include KmsKey mount_uploader :uploader, IdDocumentImageUploader before_save :encrypt_file! def encrypt_file! iv = Cipher.generate_iv self.uploader_iv = Base64.strict_encode64(iv) cipher = Cipher.new(key: data_key, cipher_iv: iv) resp = cipher.encrypt(value: uploader.file.read) File.binwrite(uploader.file.path, resp) end • DBSSJFSXBWFΛྫʹ͝঺հ • Ϩίʔυ͝ͱʹ҉߸ݤΛม͑ͭͭɺΞοϓϩʔυը૾ͦͷ΋ͷ΋҉߸Խͯ͠อଘ

25. ©2024 Bloomo Securities Inc. 
    
    ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷ঺հ
    r
    ҉߸Խͭͭ͠ݕࡧՄೳʹ͢ΔΦϓγϣϯ  ܾఆ࿦త҉߸ԽΛ࢖͏ – "DUJWF3FDPSE
    &ODSZQUJPO
    ͕࠾༻͍ͯ͠Δํ਑ –

    ಉ͡҉߸ԽݤͰ҉߸Խ͍ͯ͠Δσʔλ܊ʹରͯ͠͸Մೳͳख๏  &MBTUJD4FBSDI
    ͳͲͷݕࡧϞδϡʔϧΛ༻ҙ͠ɺͦ͜ʹฏจͷσʔλΛ֨ೲ͢Δ – &MBTUJD4FBSDI
    ͸ΞϓϦέʔγϣϯαʔό͔ΒͷΈΞΫηεՄೳͰɺܦ࿏΍ྖҬ͸҆શͱ ͍͏લఏ  ݕࡧ࣌͸ΞϓϦέʔγϣϯαʔό಺ͰҰׅෳ߹ͯ͠ɺίʔυ্Ͱݕࡧ͢Δ – PersonalInfo.all.each
    Έ͍ͨʹ͢ΔΠϝʔδ  ݕࡧ༻ʹର৅ϑΟʔϧυʢࢯ໊ɺॅॴͳͲʣͷϋογϡ஋Λผςʔϒϧʹอଘ͢Δ – ׬શҰகͷݕࡧͷΈՄೳ

26. ©2024 Bloomo Securities Inc. 
    
    ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷ঺հ
    r
    ҉߸Խର৅σʔλΛอଘͭͭ͠ݕࡧ༻)BTIΛ࡞੒͢Δྫ
     class PersonalInfoHash < ApplicationRecord

    belongs_to :personal_info end class PersonalInfo < ApplicationRecord include KmsKey …… has_many :personal_info_hashes • PersonalInfoHash
    ϞσϧʢςʔϒϧʣΛఆٛ – key: string – value: string

27. ©2024 Bloomo Securities Inc. 
    
    ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷ঺հ
    r
    ҉߸Խର৅σʔλΛอଘͭͭ͠ݕࡧ༻)BTIΛ࡞੒͢Δྫ
     class PersonalInfo < ApplicationRecord

    after_save :save_hashes def save_hashes save_name_hash save_tel_hash ... end def save_name_hash raw_value = last_name + first_name pi_hash = personal_info_hashes.find_or_initialize_by(key: 'last_name_and_first_name’) pi_hash.value = BCrypt::Engine.hash_secret(raw_value, ENV['HASH_SALT’]) pi_hash.save! end • after_save ͱ͔Ͱ
    PersonalInfo ͷϨίʔυͱҰॹʹ࡞Δ • ҉߸ֶత)BTIؔ਺͸ͱΓ͋͑ͣ
    Bcrypt
    ࢖͓͚ͬͯ͹ྑͦ͞͏

28. ©2024 Bloomo Securities Inc. 
    
    ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷ঺հ
    r
    ҉߸Խର৅σʔλΛอଘͭͭ͠ݕࡧ༻)BTIΛ࡞੒͢Δྫ
     hash_value = BCrypt::Engine.hash_secret(searching_value, ENV['HASH_SALT’])

    personal_infos = PersonalInfoHash .where(key: 'last_name_and_first_name', hash_value: hash_value) .map(&:personal_info) • ݕࡧ͢Δͱ͖͸ݕࡧϫʔυͷϋογϡ஋Λܭࢉͯ͠ݕࡧ

29. ©2024 Bloomo Securities Inc. 
    
    ·ͱΊ Ұׅ҉߸Խ ςʔϒϧ͝ͱʹ҉߸Խ Ϩίʔυ͝ͱʹ҉߸Խ ؀ڥม਺ 4FDSFU
    .BOBHFS

    DSFEFOUJMBTZNMFOD ,.4 ܾఆ࿦త҉߸ԽʹΑΔݕࡧ &MBTUJD
    4FBSDI ۪௚ݕࡧ ϋογϡԽʹΑΔݕࡧ "DUJWF3FDPSE
    &ODSZQUJPO attr_encrypted lockbox ॳظϦϦʔε 3BJMT
    
       ఏڙݩ CVJMUJO HFN HFN σϑΥϧτͷ࢖͍ํ ΧελϚΠζ͢Ε͹Ͱ͖Δ • ࠓճ͝঺հͨ͠ํ๏Λಛੑ͝ͱʹ·ͱΊ·͢ ҉߸Խͷ ୯Ґ ҉߸ݤͷ ؅ཧ ݕࡧख๏

30. ©2024 Bloomo Securities Inc. 
    
    ·ͱΊ
    r
    "DUJWF3FDPSE
    &ODSZQUJPO Ұׅ҉߸Խ ςʔϒϧ͝ͱʹ҉߸Խ Ϩίʔυ͝ͱʹ҉߸Խ ؀ڥม਺ 4FDSFU
    .BOBHFS

    DSFEFOUJMBTZNMFOD ,.4 ܾఆ࿦త҉߸ԽʹΑΔݕࡧ &MBTUJD
    4FBSDI ۪௚ݕࡧ ϋογϡԽʹΑΔݕࡧ "DUJWF3FDPSE
    &ODSZQUJPO attr_encrypted lockbox ॳظϦϦʔε 3BJMT
    
       ఏڙݩ CVJMUJO HFN HFN σϑΥϧτͷ࢖͍ํ ΧελϚΠζ͢Ε͹Ͱ͖Δ • େ఍ͷཁ݅͸ຬͨͤΔ • ಋೖͷෑډ΋௿͍ – config.active_record.encryption.support_unencrypted_data = true ҉߸Խͷ ୯Ґ ҉߸ݤͷ ؅ཧ ݕࡧख๏

31. ©2024 Bloomo Securities Inc. 
    
    ·ͱΊ
    r
    BUUS@FODSZQUFE
    
    MPDLCPY Ұׅ҉߸Խ ςʔϒϧ͝ͱʹ҉߸Խ Ϩίʔυ͝ͱʹ҉߸Խ ܾఆ࿦త҉߸ԽʹΑΔݕࡧ &MBTUJD
    4FBSDI

    ۪௚ݕࡧ ϋογϡԽʹΑΔݕࡧ "DUJWF3FDPSE
    &ODSZQUJPO attr_encrypted lockbox ॳظϦϦʔε 3BJMT
    
       ఏڙݩ CVJMUJO HFN HFN σϑΥϧτͷ࢖͍ํ ΧελϚΠζ͢Ε͹Ͱ͖Δ • "DUJWF3FDPSE
    &ODSZQUJPOͰཁ͕݅ຬͨͤͳ͍৔߹ʢϨίʔυ͝ͱ҉߸ԽͳͲʣʹݕ౼ • ,.4ར༻
    kms_encrypted ɺϋογϡԽݕࡧ
    blind_index
    ͸ผͷ
    gem
    ͕͋Δ • ৽نҊ݅ͳΒ
    lockboxɺطଘίʔυΛ࢖͍·Θ͍ͨ͠৔߹͸
    attr_encrypted ҉߸Խͷ ୯Ґ ҉߸ݤͷ ؅ཧ ݕࡧख๏ ؀ڥม਺ 4FDSFU
    .BOBHFS DSFEFOUJMBTZNMFOD ,.4

32. ©2024 Bloomo Securities Inc. Ұॹʹ#MPPNPͷαʔϏε։ൃΛ ͯ͘͠ΕΔ஥ؒΛืूதʂ https://careers.bloomo.co.jp/ 8F
    BSF
    )JSJOH