Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
大事なデータを守りたい!ActiveRecord Encryptionと、より安全かつ検索可能...
Search
free_world21
October 27, 2024
Programming
0
19
大事なデータを守りたい!ActiveRecord Encryptionと、より安全かつ検索可能な暗号化手法の実装例の紹介
Kaigi on Rails Day2にて使用した発表用スライドです。
https://kaigionrails.org/2024/talks/f-world21/
free_world21
October 27, 2024
Tweet
Share
More Decks by free_world21
See All by free_world21
DjangoとRailsを使って趣味として政治資金を透明化するプロダクトを作ってる話
free_world21
0
59
Ruby on Rails on Kubernetesってどうなの?
free_world21
0
13
Ruby on Rails と Django を比較してみる
free_world21
1
250
Shinjuku.rb#95:心の技術書紹介
free_world21
1
250
Rails engineを用いたゆるふわモジュラーモノリス のご紹介
free_world21
1
410
『Railsオワコン』と言われる時代に、なぜブルーモ証券はRailsを選ぶのか
free_world21
3
1.3k
東証障害報告書を読み解く
free_world21
0
240
Ruby/Railsの勉強会のおかげでブルーモ証券起業した
free_world21
2
480
エンジニアとしての属性軸(自己分析軸?)を考えてみた
free_world21
0
120
Other Decks in Programming
See All in Programming
Reduxモダナイズ 〜コードのモダン化を通して、将来のライブラリ移行に備える〜
pvcresin
2
670
AccessorySetupKitで実現するシームレスなペアリング体験 / Seamless pairing with AccessorySetupKit
nekowen
0
210
CSC509 Lecture 03
javiergs
PRO
0
320
Breaking Up with Big ViewModels — Without Breaking Your Architecture (droidcon Berlin 2025)
steliosf
PRO
1
290
開発生産性を上げるための生成AI活用術
starfish719
1
130
Web フロントエンドエンジニアに開かれる AI Agent プロダクト開発 - Vercel AI SDK を観察して AI Agent と仲良くなろう! #FEC余熱NIGHT
izumin5210
2
310
Swift Concurrency - 状態監視の罠
objectiveaudio
2
430
Go Conference 2025: Goで体感するMultipath TCP ― Go 1.24 時代の MPTCP Listener を理解する
takehaya
7
1.5k
非同期jobをtransaction内で 呼ぶなよ!絶対に呼ぶなよ!
alstrocrack
0
430
AIで開発生産性を上げる個人とチームの取り組み
taniigo
0
130
Django Ninja による API 開発効率化とリプレースの実践
kashewnuts
0
870
iOSエンジニア向けの英語学習アプリを作る!
yukawashouhei
0
150
Featured
See All Featured
RailsConf 2023
tenderlove
30
1.2k
How To Stay Up To Date on Web Technology
chriscoyier
791
250k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
132
19k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.5k
Statistics for Hackers
jakevdp
799
220k
GitHub's CSS Performance
jonrohan
1032
460k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
19
1.2k
Testing 201, or: Great Expectations
jmmastey
45
7.7k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
23
1.5k
Building Adaptive Systems
keathley
43
2.8k
Transcript
ブルーモ証券株式会社 ©2024 Bloomo Securities Inc. େࣄͳσʔλΛकΓ͍ͨʂ "DUJWF3FDPSE&ODSZQUJPOͱɺ ΑΓ҆શ͔ͭݕࡧՄೳͳ ҉߸Խख๏ͷ࣮ྫͷհ ,BJHJPO3BJMT%BZ!)BMM#MVF
খྛޛ࢙ OPFM 4BU
©2024 Bloomo Securities Inc. • খྛޛ࢙ʢখྛϊΤϧʣ • ϒϧʔϞূ݊גࣜձࣾऔక$50 • 0NPUFTBOEPSC
3PQQPOHJSC 4IJOKVLVSCͱ͔ʹΑ͍͘· ͢ • ཱྀߦɾੈքͷίϫʔΩϯάεϖʔεΊ͙Γʢϫʔέʔγϣϯ తͳԿ͔ʣ͕͖ • झຯͰʲ࣏ࢿۚσʔλϕʔεʳΛ։ൃͯ͠·͢ ͖ͳόϯυ • -`"SDdFOd$JFM 1*&3305 THE FARM@NY CARR WORKPLACE@Chicago @free_world21
©2024 Bloomo Securities Inc. *OEFY ձࣾհˍഎܠհ ͦͦ҉߸Խͱʁ "DUJWF3FDPSE&ODSZQUJPOͷհ "DUJWF3FDPSE&ODSZQUJPOͰ࣮ݱͮ͠Β͍ཁ݅ͷྫ ֤छ҉߸Խख๏͝հ
attr_encryptedΛ࣮ͬͨྫ ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷհ ·ͱΊ • ͞ͳ͍͜ͱɿ҉߸ԽΞϧΰϦζϜͱ͔ൿີܭࢉɾݕࡧͱ͔ • ରऀɿ։ൃ͍ͯ͠Δ3BJMTΞϓϦͷσʔλ҉߸Խʹڵຯ͕͋Δਓ • తɿ"DUJWF3FDPSE&ODSZQUJPO BUUS@FODSZQUFE MPDLCPYͷ֓ཁͱ͔͍ͭͲ͜ΖΛཧղ͢Δ͜ͱ • ൃදࢿྉޙ΄Ͳެ։͠·͢
©2024 Bloomo Securities Inc. ձࣾհˍഎܠհrϓϩμΫτ ถࠃגࢿ࢈ӡ༻ΞϓϦ#MPPNPΛఏڙதʂ ίϐϖͰʮόϑΣοτࢿʯεϚϗ݁Ͱएऀؾܰʹ :065)'*/"/$&ᶃ
©2024 Bloomo Securities Inc. ձࣾհˍഎܠհrϓϩμΫτػೳ ϙʔτϑΥϦΦػೳͰɺߴͳࢿ࢈ӡ༻ͷϋʔυϧΛԼ͍͛ͯΔ ϙʔτϑΥϦΦࢿػೳ ڞ༗ɾίϐʔػೳ ถࠃגɾ&5'ͰཧͷϙʔτϑΥϦΦΛ࡞ͨ͠Βɺ ྆ସങϒϧʔϞ͕ࣗಈࣥߦͯ͘͠ΕΔɻ
ෳฑͷࢄࢿ͕खؒͳ࣮͘ݱͰ͖Δ ʢϢʔβʔͷอ༗ฑҎ্ʢຊฏۉͷഒఔʣʣ ॳ৺ऀͰϙʔτϑΥϦΦ࡞͕Մೳʹ ʢϢʔβʔͷׂҎ্͕ίϐʔ͔Β։࢝ʣ ઐՈଞͷϢʔβʔͷϙʔτϑΥϦΦΛݟͯɺ ϫϯλοϓͰίϐʔͰ͖Δɻ
©2024 Bloomo Securities Inc. ձࣾհˍഎܠհrۀ͔Β͜Ε·ͰͷาΈ ݄ ݄
݄ ݄ ݄ ݄ ۀ ূ݊ձࣾ ϥΠηϯεऔಘ ਖ਼ࣜϦϦʔε ʢҰൠެ։ʣ γʔυϥϯυ ԯԁௐୡ ট੍ϦϦʔε /*4"ޱ࠲ ఏڙ։࢝ ͿΓͷূ݊ձࣾελʔτΞοϓͱ্ཱ͕ͯͪͬͨ͠ 個別株を取扱う証券会社スタートアップとしては、Finatext・FOLIO以来の存在。史上最速ペースで⾦商1種(証券会社) ライセンス取得・プロダクトリリースを続けてきた。
©2024 Bloomo Securities Inc. ձࣾհˍഎܠհrۀ͔Β͜Ε·ͰͷาΈ ݄ ݄
݄ ݄ ݄ ݄ ۀ ূ݊ձࣾ ϥΠηϯεऔಘ ਖ਼ࣜϦϦʔε ʢҰൠެ։ʣ γʔυϥϯυ ԯԁௐୡ ট੍ϦϦʔε /*4"ޱ࠲ ఏڙ։࢝ ͿΓͷূ݊ձࣾελʔτΞοϓͱ্ཱ͕ͯͪͬͨ͠ 個別株を取扱う証券会社スタートアップとしては、Finatext・FOLIO以来の存在。史上最速ペースで⾦商1種(証券会社) ライセンス取得・プロダクトリリースを続けてきた。 ূ݊ձࣾͱͯ͠ͷ rails new .
©2024 Bloomo Securities Inc. ձࣾհˍഎܠհrۀ͔Β͜Ε·ͰͷาΈ ݄ ݄
݄ ݄ ݄ ݄ ۀ ূ݊ձࣾ ϥΠηϯεऔಘ ਖ਼ࣜϦϦʔε ʢҰൠެ։ʣ γʔυϥϯυ ԯԁௐୡ ট੍ϦϦʔε /*4"ޱ࠲ ఏڙ։࢝ ͿΓͷূ݊ձࣾελʔτΞοϓͱ্ཱ͕ͯͪͬͨ͠ 個別株を取扱う証券会社スタートアップとしては、Finatext・FOLIO以来の存在。史上最速ペースで⾦商1種(証券会社) ライセンス取得・プロダクトリリースを続けてきた。 ূ݊ձࣾͱͯ͠ͷ rails new .
©2024 Bloomo Securities Inc. ձࣾհˍഎܠհrূ݊γεςϜΛ࡞Δ͏͑Ͱ • Կ͔גΛങ͏ͨΊʹূ݊ձࣾͷޱ࠲Λͭ͘Βͳ͚Ε͍͚ͳ͍ • ূ݊ձࣾʢͷγεςϜʣΛ࡞ΔͨΊʹ༷ʑͳཁ݅ʢ๏ͳͲʣΛकΒͳ͚Ε͍͚ͳ͍ •
ηΩϡϦςΟʔपΓʹΑΓؾΛ͏ඞཁ͕͋Δ • αΠόʔ߈ܸͳͲΛؚΉɺใηΩϡϦςΟʹؔ͢ΔڴҖ͕ͷ͍͍͢͝Ͱڧ·͍ͬͯΔ – ૬͙࣍ݸਓใྲྀग़ – ϥϯαϜΣΞʹΑΔඃʢχίχίಈըʣ ͓٬༷ʢ͏ଆʣઢ ΤϯδχΞʢ࡞Δଆʣઢ
©2024 Bloomo Securities Inc. ͦͦ҉߸Խͱʁ҉߸ԽͱϋογϡԽ “小林ノエル” “m6mlF70S3Qoqt86hyUJzWxhwW6JYgyXgBPPJHrhvVAGQ” “$2a$10$aBy67z2lE8O/OO/Xfnr7ZO6sQCP948cWDM/9Mi fMGR5472nkfqGUW” “小林ノエル”
҉߸Խ ϋογϡԽ • σʔλΛಛఆͷ҉߸ݤΛͬͯม͠ɺਖ਼͍͠ݤ͕ͳ͍ͱݩʹͤͳ͍Α͏ʹ͢Δॲཧ • σʔλͷػີੑΛอޢ͢ΔͨΊʹΘΕΔ • σʔλΛҰํͷݻఆͷʹม͢Δ͜ͱͰɺݩͷσʔλʹͤͳ͍Α͏ʹ͢Δॲཧ • ओʹσʔλͷ߹ੑΛ֬ೝ͢ΔͨΊʹΘΕΔ 🔑 ฏจ ҉߸จ ݩσʔλ ϋογϡ
©2024 Bloomo Securities Inc. ͦͦ҉߸Խͱʁͳͥ҉߸Խ͢Δͷ͔ • ೖޱରࡦɾ෦ରࡦɾग़ޱରࡦͷ͏ͪɺ෦ରࡦͷ͏ͪͷͭ – ೖޱରࡦ •
ϑΝΠΞΥʔϧɾϑΟϧλʔ • ଟཁૉೝূɺ71/ͳͲ – ෦ରࡦ • σʔλ҉߸Խ • ϩάࢹ – ग़ޱରࡦ • ௨৴Ͱ͖Δܦ࿏ΛߜΔ • ֎෦σόΠεͷσʔλॻ͖ࠐΈ੍ݶ • Կ͔σʔλ͕ྲྀग़ͨ͠ͱ͖ͷඃΛ͑ΔͨΊͷख๏
©2024 Bloomo Securities Inc. ͦͦ҉߸Խͱr҉߸ԽΛ͢Δࡍʹߟྀ͖͢ϙΠϯτ • ҉߸ԽͷΞϧΰϦζϜ – %&4 "&4
34" &$$ ʜ – ΄ͱΜͲͷ߹ϑϨʔϜϫʔΫϥΠϒϥϦͷσϑΥϧτʢਪʣͷͷΛ͑0, • ຊͷ͓ͷείʔϓ֎ • ݤͷཧํ – ҉߸ݤΛͲ͜ʹ͓͍ͯ୭͕ཧ͢Δͷ͔ʁ • ҉߸Խͷ୯Ґ – ͲͷΑ͏ͳ୯ҐͰ҉߸Խ͢Δ͔ • ΞϓϦέʔγϣϯͯ͢ΛͭͷݤͰҰׅ҉߸Խ • ͋Δఔ·ͱ·ͬͨ୯Ґʢςʔϒϧ͝ͱͱ͔ʣͰ҉߸ݤΛΘ͚Δ • Ϩίʔυ͝ͱʹ҉߸ݤΛΘ͚Δ • ݕࡧੑೳ – ҉߸Խͨ͠σʔλΛ%#ʹೖΕΔͱଟ͘ͷ߹Ͱݕࡧ͕Ͱ͖ͳ͘ͳΔ – ඞཁʹԠͯ͡ΞϓϦέʔγϣϯϨΠϠͰݕࡧػೳΛ࣮͢Δඞཁ͕͋Δ ݤͷཧํ ҉߸Խͷ୯Ґ ݕࡧੑೳ
©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷհr֓ཁͱ؆୯ͳ͍ํͷ͝հ • 3BJMT "DUJWF3FDPSE ʹΈࠐ·Ε͍ͯΔ҉߸Խػߏ
– %#ʹอଘ͢Δͱ͖ʹ҉߸Խ͞Εͯอଘ͞ΕΔ – ΞϓϦέʔγϣϯɿฏจͱͯ͠ѻ͑Δɺ%#ɿ҉߸จͱͯ͠อଘ͞ΕΔ $ rails db:encryption:init Add this entry to the credentials of the target environment: active_record_encryption: primary_key: azc7QkZYSg9ll01TjBNpnURUnF42gt1s deterministic_key: U987a4KAnhfA5oAQrLY7pYaTqysIYqqE key_derivation_salt: puoi8lJbvyM4FQErFYJ26BFuE1OJLHtf secret_key_base: hogehogefugafuga…… active_record_encryption: primary_key: azc7QkZYSg9ll01TjBNpnURUnF42gt1s deterministic_key: U987a4KAnhfA5oAQrLY7pYaTqysIYqqE key_derivation_salt: puoi8lJbvyM4FQErFYJ26BFuE1OJLHtf config/credentials.yml.enc にそのままコピペ
©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷհr֓ཁͱ؆୯ͳ͍ํͷ͝հ • 3BJMT "DUJWF3FDPSE ʹΈࠐ·Ε͍ͯΔ҉߸Խػߏ
– %#ʹอଘ͢Δͱ͖ʹ҉߸Խ͞Εͯอଘ͞ΕΔ – ΞϓϦέʔγϣϯɿฏจͱͯ͠ѻ͑Δɺ%#ɿ҉߸จͱͯ͠อଘ͞ΕΔ class PersonalInfo < ApplicationRecord encrypts :first_name encrypts :last_name end
©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷհr֓ཁͱ؆୯ͳ͍ํͷ͝հ • ҉߸ݤଐੑ͝ͱʹจࣈྻΧελϜΩʔϓϩόΠμΛࢦఆՄೳ class PersonalInfo
< ApplicationRecord encrypts :first_name, key: "some secret key for personal_info" encrypts :last_name, key_provider: PersonalInfoKeyProvider.new end • ܾఆత҉߸ԽΛ͑ݕࡧՄೳ class PersonalInfo < ApplicationRecord encrypts :first_name, deterministic: true encrypts :last_name, deterministic: true end
©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷհrʲ҉߸ԽΛ͢Δࡍʹߟྀ͖͢ϙΠϯτʳʹরΒ͠߹ΘͤΔͱ • ݤͷཧํ – config/credentials.yml.enc ʹهࡌ
– ΧελϜΩʔϓϩόΠμΛ͑ϓϩάϥϜతʹऔಘՄೳʢྫɿ,.4 4FDSFU.BOBHFS ʣ • ҉߸Խͷ୯Ґ – σϑΥϧτͰ୯ҰͷݤͰͯ͢ͷରσʔλΛ҉߸Խ – ΧελϜΩʔϓϩόΠμΛ͑ɺΫϥεʢςʔϒϧʣ͝ͱʹ͚Δ͜ͱՄೳ • ݕࡧੑೳ – σϑΥϧτͰඇܾఆత҉߸ԽʢݕࡧෆՄೳʣ – ܾఆత҉߸ԽϞʔυʹ͢ΕݕࡧՄೳ ݤͷཧํ ҉߸Խͷ୯Ґ ݕࡧੑೳ
©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͰ࣮ݱͮ͠Β͍ཁ݅rۚ༥ػؔΛྫʹ • ݤͷཧํ – ਓ͕ؒཧͨ͘͠ͳ͍ –
ʢ͜͜"DUJWF3FDPSE&ODSZQUJPOͰ࣮ݱͰ͖Δʣ • ҉߸Խͷ୯Ґ – ձࣾͦͷͷͷੑ࣭ˍѻ͏σʔλͷॏཁੑ͔ΒɺϨίʔυ͝ͱʹҟͳΔ҉߸ݤΛ͍͍ͨ • ݸਓใ • ϚΠφϯόʔʢҰ࣌తʣ • ຊਓ֬ೝॻྨը૾ʢ໔ڐূͳͲʣ • ʢΫϨδοτΧʔυ൪߸ʣ • ݕࡧੑೳ – ͓٬༷͔Βͷ͍߹Θ͕ͤ͋ͬͨͱ͖ʹɺຊਓ֬ೝͷͨΊʹҰఆ߲Ͱͷݕࡧඞཁ • ໊લͱੜ݄ • ॅॴ ݤͷཧํ ҉߸Խͷ୯Ґ ݕࡧੑೳ
©2024 Bloomo Securities Inc. ֤छ҉߸Խख๏͝հrattr_encryptedͱlockbox • 3BJMT✕҉߸ԽͰҰ൪ྺ࢙͕ݹ͍ – "DUJWF3FDPSE&ODSZQUJPOҎલ͔Β͋Δ –
'JSTUSFMFBTF • ଟ͘ͷࢀߟจݙ͕͋Δ • খྛ͕ࣗੲ͔Βͬͯͨܦݧ͕͋Δ • attr_encrypted ͷݱ൛తͳҐஔ͚ͮ • ͍ํ"DUJWF3FDPSE&ODSZQUJPOattr_encryptedͱ͍͍ͩͨಉ͡ • "DUJWF3FDPSE&ODSZQUJPOΑΓগ͚ͩ͠લʹॳظϦϦʔε – "DUJWF3FDPSE&ODSZQUJPO 3BJMT – lockboxGJSTUSFMFBTF attr_enctypted lockbox
©2024 Bloomo Securities Inc. attr_encryptedΛ࣮ͬͨྫr҉߸ݤͷཧํͷΦϓγϣϯ ڥมʹฏจͷ҉߸ݤΛஔ͘ – Ұ൪γϯϓϧͰ؆୯͕ͩ੬ऑ
4FDSFU.BOBHFSͳͲΞϓϦέʔγϣϯαʔόͷ֎ʹฏจͷ҉߸ݤΛஔ͘ – 👆ΑΓ҆શ͕ͩґવͱͯ͠ਓ͕ؒཧ͢Δඞཁ͕͋Δ 3BJMTͷ&ODZQUFE$SFEFOUJBMTΛ͏ – credentials.yml.encΛෳ߹͢Δݤʢmaster.keyʣΛͲ͏͢Δ͔ͱ͍͏ݦࡏ – ͬͺΓਓ͕ؒཧ͢Δඞཁ͕͋Δ ,FZ.BOBHFNFOU4FSJWDFΛ͔ͭ͏ – "84 ($1 "[VSFͳͲɺΫϥυϓϩόΠμͳΒجຊతʹఏڙͯ͠Δ
©2024 Bloomo Securities Inc. attr_encryptedΛ࣮ͬͨྫr,FZ.BOBHFNFOU4FSWJDFͱʢ"84Λྫʹʣ • $VTUPNFS.BTUFS,FZʢ$.,ʣΛࢦఆͯ͠ɺEBUBLFZʢ৽͍͠҉߸ݤʣΛཁٻ͢Δ – "
• ҎԼͷͷ͕,.4͔Βฦͬͯ͘Δ – "ฏจͷ҉߸ݤ – #"͕҉߸Խ͞Εͨͷ • ҉߸Խɿ"Ͱ҉߸Խͯ͠ɺͦΕফڈɻ#Λ%#ͳͲʹอଘ͓ͯ͘͠ɻ • ෮߸Խɿ#Λ,.4ʹ͚͛ͭΔͱ෮߸Խͯ͠ฦͯ͘͠ΕΔʢ"ΛಘΒΕΔʣͷͰɺσʔλຊମ Λ"Ͱ෮߸Խ͢Δ CMK has_many :data_keys
©2024 Bloomo Securities Inc. attr_encryptedΛ࣮ͬͨྫr,.4ΛͬͨϨίʔυ͝ͱͷ҉߸Խ࣮ྫ ,.4͔Βऔಘͨ͠ʲ҉߸Խ͞Εͨ҉߸ݤ #
ʳΛอଘ͢ΔͨΊͷΧϥϜ encrypted_data_keyΛ҉߸ԽରΫϥεʢςʔϒϧʣʹՃ ԼهͷΑ͏ͳϝιουΛͭmoduleΛఆٛ module KmsKey def data_key kms_client = Aws::KMS::Client.new(region: aws_region) if self.encrypted_data_key kms_client.decrypt(ciphertext_blob: self.encrypted_data_key) else resp = kms_client.generate_data_key( key_id: Rails.application.config.x.common['kms_cmk_id’], key_spec: 'AES_256’, ) self.encrypted_data_key = resp.ciphertext_blob resp.plaintext end end
©2024 Bloomo Securities Inc. attr_encryptedΛ࣮ͬͨྫr,.4ΛͬͨϨίʔυ͝ͱͷ҉߸Խ࣮ྫ ҉߸ԽରϑΟʔϧυΛఆٛ class
PersonalInfo < ApplicationRecord include KmsKey attr_encrypted :first_name, key: :data_key, algorithm: 'aes-256-gcm’ attr_encrypted :last_name, key: :data_key, algorithm: 'aes-256-gcm'
©2024 Bloomo Securities Inc. attr_encryptedΛ࣮ͬͨྫr,.4ΛͬͨϨίʔυ͝ͱͷ҉߸Խ࣮ྫ Ϩίʔυ͝ͱʹ҉߸ݤΛม͑ͭͭɺಁաతʹѻ͑ΔΑ͏ʹͳΔ personal_info.first_name
= ”ϊΤϧ” personal_info.last_name = “খྛ” personal_info.save! personal_info = PersonalInfo.find(1) puts personal_info.first_name # => “ϊΤϧ” puts personal_info.last_name # => “খྛ”
©2024 Bloomo Securities Inc. attr_encryptedΛ࣮ͬͨྫrΞοϓϩʔυը૾ͷ҉߸Խ class IdDocumentImage < ApplicationRecord
include KmsKey mount_uploader :uploader, IdDocumentImageUploader before_save :encrypt_file! def encrypt_file! iv = Cipher.generate_iv self.uploader_iv = Base64.strict_encode64(iv) cipher = Cipher.new(key: data_key, cipher_iv: iv) resp = cipher.encrypt(value: uploader.file.read) File.binwrite(uploader.file.path, resp) end • DBSSJFSXBWFΛྫʹ͝հ • Ϩίʔυ͝ͱʹ҉߸ݤΛม͑ͭͭɺΞοϓϩʔυը૾ͦͷͷ҉߸Խͯ͠อଘ
©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷհr҉߸Խͭͭ͠ݕࡧՄೳʹ͢ΔΦϓγϣϯ ܾఆత҉߸ԽΛ͏ – "DUJWF3FDPSE&ODSZQUJPO͕࠾༻͍ͯ͠Δํ –
ಉ͡҉߸ԽݤͰ҉߸Խ͍ͯ͠Δσʔλ܊ʹରͯ͠Մೳͳख๏ &MBTUJD4FBSDIͳͲͷݕࡧϞδϡʔϧΛ༻ҙ͠ɺͦ͜ʹฏจͷσʔλΛ֨ೲ͢Δ – &MBTUJD4FBSDIΞϓϦέʔγϣϯαʔό͔ΒͷΈΞΫηεՄೳͰɺܦ࿏ྖҬ҆શͱ ͍͏લఏ ݕࡧ࣌ΞϓϦέʔγϣϯαʔόͰҰׅෳ߹ͯ͠ɺίʔυ্Ͱݕࡧ͢Δ – PersonalInfo.all.eachΈ͍ͨʹ͢ΔΠϝʔδ ݕࡧ༻ʹରϑΟʔϧυʢࢯ໊ɺॅॴͳͲʣͷϋογϡΛผςʔϒϧʹอଘ͢Δ – શҰகͷݕࡧͷΈՄೳ
©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷհr҉߸ԽରσʔλΛอଘͭͭ͠ݕࡧ༻)BTIΛ࡞͢Δྫ class PersonalInfoHash < ApplicationRecord
belongs_to :personal_info end class PersonalInfo < ApplicationRecord include KmsKey …… has_many :personal_info_hashes • PersonalInfoHashϞσϧʢςʔϒϧʣΛఆٛ – key: string – value: string
©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷհr҉߸ԽରσʔλΛอଘͭͭ͠ݕࡧ༻)BTIΛ࡞͢Δྫ class PersonalInfo < ApplicationRecord
after_save :save_hashes def save_hashes save_name_hash save_tel_hash ... end def save_name_hash raw_value = last_name + first_name pi_hash = personal_info_hashes.find_or_initialize_by(key: 'last_name_and_first_name’) pi_hash.value = BCrypt::Engine.hash_secret(raw_value, ENV['HASH_SALT’]) pi_hash.save! end • after_save ͱ͔ͰPersonalInfo ͷϨίʔυͱҰॹʹ࡞Δ • ҉߸ֶత)BTIؔͱΓ͋͑ͣBcrypt͓͚ͬͯྑͦ͞͏
©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷհr҉߸ԽରσʔλΛอଘͭͭ͠ݕࡧ༻)BTIΛ࡞͢Δྫ hash_value = BCrypt::Engine.hash_secret(searching_value, ENV['HASH_SALT’])
personal_infos = PersonalInfoHash .where(key: 'last_name_and_first_name', hash_value: hash_value) .map(&:personal_info) • ݕࡧ͢Δͱ͖ݕࡧϫʔυͷϋογϡΛܭࢉͯ͠ݕࡧ
©2024 Bloomo Securities Inc. ·ͱΊ Ұׅ҉߸Խ ςʔϒϧ͝ͱʹ҉߸Խ Ϩίʔυ͝ͱʹ҉߸Խ ڥม 4FDSFU.BOBHFS
DSFEFOUJMBTZNMFOD ,.4 ܾఆత҉߸ԽʹΑΔݕࡧ &MBTUJD4FBSDI ۪ݕࡧ ϋογϡԽʹΑΔݕࡧ "DUJWF3FDPSE&ODSZQUJPO attr_encrypted lockbox ॳظϦϦʔε 3BJMT ఏڙݩ CVJMUJO HFN HFN σϑΥϧτͷ͍ํ ΧελϚΠζ͢ΕͰ͖Δ • ࠓճ͝հͨ͠ํ๏Λಛੑ͝ͱʹ·ͱΊ·͢ ҉߸Խͷ ୯Ґ ҉߸ݤͷ ཧ ݕࡧख๏
©2024 Bloomo Securities Inc. ·ͱΊr"DUJWF3FDPSE&ODSZQUJPO Ұׅ҉߸Խ ςʔϒϧ͝ͱʹ҉߸Խ Ϩίʔυ͝ͱʹ҉߸Խ ڥม 4FDSFU.BOBHFS
DSFEFOUJMBTZNMFOD ,.4 ܾఆత҉߸ԽʹΑΔݕࡧ &MBTUJD4FBSDI ۪ݕࡧ ϋογϡԽʹΑΔݕࡧ "DUJWF3FDPSE&ODSZQUJPO attr_encrypted lockbox ॳظϦϦʔε 3BJMT ఏڙݩ CVJMUJO HFN HFN σϑΥϧτͷ͍ํ ΧελϚΠζ͢ΕͰ͖Δ • େͷཁ݅ຬͨͤΔ • ಋೖͷෑډ͍ – config.active_record.encryption.support_unencrypted_data = true ҉߸Խͷ ୯Ґ ҉߸ݤͷ ཧ ݕࡧख๏
©2024 Bloomo Securities Inc. ·ͱΊrBUUS@FODSZQUFEMPDLCPY Ұׅ҉߸Խ ςʔϒϧ͝ͱʹ҉߸Խ Ϩίʔυ͝ͱʹ҉߸Խ ܾఆత҉߸ԽʹΑΔݕࡧ &MBTUJD4FBSDI
۪ݕࡧ ϋογϡԽʹΑΔݕࡧ "DUJWF3FDPSE&ODSZQUJPO attr_encrypted lockbox ॳظϦϦʔε 3BJMT ఏڙݩ CVJMUJO HFN HFN σϑΥϧτͷ͍ํ ΧελϚΠζ͢ΕͰ͖Δ • "DUJWF3FDPSE&ODSZQUJPOͰཁ͕݅ຬͨͤͳ͍߹ʢϨίʔυ͝ͱ҉߸ԽͳͲʣʹݕ౼ • ,.4ར༻ kms_encrypted ɺϋογϡԽݕࡧ blind_index ผͷgem͕͋Δ • ৽نҊ݅ͳΒlockboxɺطଘίʔυΛ͍·Θ͍ͨ͠߹attr_encrypted ҉߸Խͷ ୯Ґ ҉߸ݤͷ ཧ ݕࡧख๏ ڥม 4FDSFU.BOBHFS DSFEFOUJMBTZNMFOD ,.4
©2024 Bloomo Securities Inc. Ұॹʹ#MPPNPͷαʔϏε։ൃΛ ͯ͘͠ΕΔؒΛืूதʂ https://careers.bloomo.co.jp/ 8FBSF)JSJOH