金融機関の（システムの）作り方

×º¡3 TV]n3 ìA 2019.12.13 ÁőRails#16 @free_world21

▪ ±ľ cLv 35 ▪ : ƇĪ ½2lIz_ĿŇàÐ ▪ Œ:
jxOtm – RVGMLP?8P>E3 – ÎVQYi ▪ 2008: hu tzVLzUaG/"-į¢ – flash/C#/rails/iOS/Android ▪ 2009: |¸ëŅŧ çÔ²é¸ŅĈ ▪ 2009: IPAŐœ2ōŬ!CB ▪ 2016: LotZòă~2Čÿ ▪ 2018: űĔ© ▪ 2019: hu tzV~©/"-÷¹ @free_world21

LotZòă~ ▪ 2016}Ũ ▪ ×.3Ĺ3ńİD"1Ĺ4Ń – 2017: EMERADA EQUITY ▪
ÑĹĊûàŪć»Ů ×ēþ»Ë – 2018: EMERADA BANK ▪ ş – 2019: EMERADA MARKETPLACE ▪ à£ÚŖ· 2Ŕ

Ő3VY _G[j3ò òÝ¶È DNtJ`hFz^HzOD¤#- ĭÏ$BR gVDğŤ 2017}11R gVuu V 2019}10ŭķðĘDŃ

×4čÀÂ ▪ ūŕÀ – hÙÒ - ,z0Æ%w¦¬!W] , – }WV}Wh
– o©Vo©Vh ▪ ńİÀ – hÙÒ - ,z0Æ**W]!ÇÁ0¤ ! – ³VX®£vh – ×XV×XVh – dfÒtWV}Wh – à¾gËÈVmXfh

r S3 a W @3 ¿Ķ

ðĘDĬ2Ĥ¦"8$ ▪ ×ēþ»Ë§ ▪ ×ēþ»Ë§üť ▪ ×ēþ»Ë§üčŘ ▪ ▪
Ø~čŘ ĥ ý Ō « https://www.fsa.go.jp/common/law/guide/kinyushoh in/index.html

;3$ ů28/:8$ ▪ ºó¿æ1Ð – §a Þ'0[-,S0ç+#( µ¸q – §z'ÞÀ¹S
ëè0,` ▪ ĵĳŢè3?1jxXVDğŤ"8"> ▪ '3ƀš;*<E/ę"8"> – z!æÑn00ì ¸q0ßÖ#( ▪ çÔ/#Ä2*<ž¬ – ÝÅ zÞ0,`!ID/Pass %#( OTP ▪ Ŋºó¿æ1Ð – U`G25N ´Ä0ßÖ#( – Ï.O:0 #( – ^ ceT _ Õ²Ðá0#( – OS'IDN673 ïÛº~#( – u39@? ã^Ì$#( – Í°â « ) #( ▪ '3Ŏ – j\B?Cr¥0 +Ók|0Yc&1·Ø#( – ½ # ¶*éÃÝÅ'x±pÜ#( – j\eÊ!¢eÊ),Zybª0#( – ;PB4P>7P=HLP0aåÓ0#(

Izht ¨1ŏŲ1ŉļ3ƄĒ DOSŉļ XXIzUKNTsz wordpress3ƊũÃD,(ŉļ v v4ſ 2¨¯!&-í

Izht assetsłhFIv3Mp[Tq¯2?BĕųņÞ ĎŀĲ¨Î2?Br Sgu]H3Î LBÍ¥.ÌÍ3500Ĩï"(@ CF@Lt k UDġÉ

Izht ċAZ63x `etzTzO SSLāţĐ²

Izht Autoscale2?BĞ2XïÍ ĕų24Yï8.VP v IzVYzVŚ1A2 1+(/;¹īŋ EC2IzVYzV.4 docker container/"-rails(puma) ¹

Izht Aurora2?BƆğÅ ã4master63Ŧ9ô. masterėŚ4slave¹ŗø

Izht G[jx `!C(hFIvDĀ Û¿1;34ŸŔ¯"-

Izht ŸŔƃ4KMS.äģ²

4,3RailsjxUKN_ userrails adminrails DB common_models common_models useröcontrollers admin_models useröviews adminöcontrollers
adminöviews rails Žł_models Žłcontrollers ŽłDB ▪ user³railsGju ▪ admin³railsGju ▪ common engine ▪ ŽłrailsGju database - common_comments - common_posts - common_users - ads - admin_users - payments

ŸŔ¯2,- AWS KMS ▪ Customer Master KeyCMKDÜ"-data key "ŸŔƃ D¿ê$
B – A ▪ Í¥3;3KMS@Ģ+-B – A: ¡ æÑì – B: A æÑn-% ▪ A.ŸŔ¯"-'C4ĚĺBDDB102°Ľ"- ▪ BDKMS2Ó,B/īŔ¯"-Ģ"-CB ADå@CB 3.^ Y «DA.īŔ¯$B CMK has_many :data_keys

Űą2Ů( ▪ attr_encrypted /gemŠÒ)+( ▪ ċmodel3attributeDŰą2ŮB personal_info.first_name = ”cLv” personal_info.last_name
= “±ľ” personal_info.save! personal_info = PersonalInfo.find(1) puts personal_info.first_name # => “cLv” puts personal_info.last_name # => “±ľ”

áŶ³d[Tq ▪ ŸŔ¯"( && áŶ;"( => áŶ³2Hash¯"(ıDý] iv.°Ľ ▪ ŸŔ¸Hash¡Ì4/A%BCrypt,+/.
▪ after_save /.PersonalInfo3wQ `/Ŵ2ìB3ě/ñ Class PersonalInfo has_many :personal_info_hashes after_save :save_hashes def save_hashes save_name_hash save_tel_hash save_address_hash …… end def save_name_hash raw_value = last_name + first_name pi_hash = personal_info_hashes.find_or_initialize_by(field_name: 'last_name_and_first_name') pi_hash.hash_value = BCrypt::Engine.hash_secret(raw_value, ENV['HASH_SALT']) pi_hash.save! end

Ş 3 ŀ ▪ ºó¿æ1Ð – §a Þ'0[-,S0ç+#( µ¸q –
§z'ÞÀ¹S ëè0,` ▪ ĵĳŢè3?1jxXVDğŤ"8"> ▪ '3ƀš;*<E/ę"8"> – z!æÑn00ì ¸q0ßÖ#( ▪ çÔ/#Ä2*<ž¬ – ÝÅ zÞ0,`!ID/Pass %#( OTP ▪ Ŋºó¿æ1Ð – U`G25N ´Ä0ßÖ#( – Ï.O:0 #( – ^ ceT _ Õ²Ðá0#( – OS'IDN673 ïÛº~#( – u39@? ã^Ì$#( – Í°â « ) #( ▪ '3Ŏ – j\B?Cr¥0 +Ók|0Yc&1·Ø#( – ½ # ¶*éÃÝÅ'x±pÜ#( – j\eÊ!¢eÊ),Zybª0#( – ;PB4P>7P=HLP0aåÓ0#( ▪ ºó¿æ1Ð – Rails.roleºóDř – ĵĳèðºóDř ▪ ĵĳ/Ţè.B34ý3role ▪ Ɓ,0²ĉ.Ţèŕđ"(;°Ľ – AWS KMS/attr_encrypted gem.ŸŔ¯"-DB2°Ľ – =Ó®3»ËfVy `ºóDř ▪ Ŋºó¿æ1Ð – tmpfsDõ+-carrierwave gem2hFIvDĀÄ4tmpfs/$B – AWS3ċQzl bz_3xOD°Ľ – WAF=security groupcontainer¯DB3CB] ivDŹB – ¼2IzVYzV /Ł$ ('-')╮ =͟͟͞͞!⸉ – WAF.ňÇ2E5A8$" – Autoscaling ▪ '3Ŏ – ċĹª\ vDżħ+-õ – Lt k UDCDN.ġÉ"-ĩ;C1/Ĝ4 Ŝ – """ – Terraform2?BIzht3Q `¯ŷś4"""

ƅÐĠ2)"-ƈ9(ùŵ ▪ B{ďĻĂ ÷¾´Ė 3â3¥Í¥3?1ƂùôċÖÙÕÊďƉ 2ĝ@CB ▪ 3. ĸĦ3ßĒãĄ –
1¼Ú îÒ – 5äíÒ https://www.npa.go.jp/laws/notification/seian/ hoan/hoan20180921-1.pdf

8/:Ćý1/4ĩ;"-1 ▪ čÀÂ¥2BR gV3ú: ▪ §¿æ3µ7Ŧ9 ▪ 'C2$B ŀĬ3 źĮ
– §¢!,¨z!/+UÔb011 – sÉê¿Â600l5J> ▪ î – rspecDBOA90B?C, – RubybinaryF?, – Railsserverless¯»100{K<0" ŻĴ~.4Æŝ2Ġ-)!# https://github.com/f-world21/encryption_sample

金融機関の（システムの）作り方

金融機関の（システムの）作り方

free_world21

More Decks by free_world21

Other Decks in Technology

Featured

Transcript

×º¡3 TV]n3 ìA 2019.12.13 ÁőRails#16 @free_world21

▪ ±ľ cLv 35 ▪ : ƇĪ ½2lIz_ĿŇàÐ ▪ Œ:

LotZòă~ ▪ 2016}Ũ ▪ ×.3Ĺ3ńİD"1Ĺ4Ń – 2017: EMERADA EQUITY ▪

Ő3VY _G[j3ò òÝ¶È DNtJ`hFz^HzOD¤#- ĭÏ$BR gVDğŤ 2017}11R gVuu V 2019}10ŭķðĘDŃ

×4čÀÂ ▪ ūŕÀ – hÙÒ - ,z0Æ%w¦¬!W] , – }WV}Wh

r S3 a W @3 ¿Ķ

r S3 a W @3 ¿Ķ

ðĘDĬ2Ĥ¦"8$ ▪ ×ēþ»Ë§ ▪ ×ēþ»Ë§üť ▪ ×ēþ»Ë§üčŘ ▪ ▪

;3$ ů28/:8$ ▪ ºó¿æ1Ð – §a Þ'0[-,S0ç+#( µ¸q – §z'ÞÀ¹S

řĬ

Izht

Izht ¨1ŏŲ1ŉļ3ƄĒ DOSŉļ XXIzUKNTsz wordpress3ƊũÃD,(ŉļ v v4ſ 2¨¯!&-í

Izht assetsłhFIv3Mp[Tq¯2?BĕųņÞ ĎŀĲ¨Î2?Br Sgu]H3Î LBÍ¥.ÌÍ3500Ĩï"(@ CF@Lt k UDġÉ

Izht ċAZ63x `etzTzO SSLāţĐ²

Izht Autoscale2?BĞ2XïÍ ĕų24Yï8.VP v IzVYzVŚ1A2 1+(/;¹īŋ EC2IzVYzV.4 docker container/"-rails(puma) ¹

Izht Aurora2?BƆğÅ ã4master63Ŧ9ô. masterėŚ4slave¹ŗø

Izht G[jx `!C(hFIvDĀ Û¿1;34ŸŔ¯"-

Izht ŸŔƃ4KMS.äģ²

4,3RailsjxUKN_ userrails adminrails DB common_models common_models useröcontrollers admin_models useröviews adminöcontrollers

ŸŔ¯2,- AWS KMS ▪ Customer Master KeyCMKDÜ"-data key "ŸŔƃ D¿ê$

Űą2Ů( ▪ attr_encrypted /gemŠÒ)+( ▪ ċmodel3attributeDŰą2ŮB personal_info.first_name = ”cLv” personal_info.last_name

áŶ³d[Tq ▪ ŸŔ¯"( && áŶ;"( => áŶ³2Hash¯"(ıDý] iv.°Ľ ▪ ŸŔ¸Hash¡Ì4/A%BCrypt,+/.

Ş 3 ŀ ▪ ºó¿æ1Ð – §a Þ'0[-,S0ç+#( µ¸q –

ƅÐĠ2)"-ƈ9(ùŵ ▪ B{ďĻĂ ÷¾´Ė 3â3¥Í¥3?1ƂùôċÖÙÕÊďƉ 2ĝ@CB ▪ 3. ĸĦ3ßĒãĄ –

8/:Ćý1/4ĩ;"-1 ▪ čÀÂ¥2BR gV3ú: ▪ §¿æ3µ7Ŧ9 ▪ 'C2$B ŀĬ3 źĮ