大事なデータを守りたい！ActiveRecord Encryptionと、より安全かつ検索可能な暗号化手法の実装例の紹介

Slide 1

Slide 1 text

Slide 2

Slide 2 text

©2024 Bloomo Securities Inc. • খྛޛ࢙ʢখྛϊΤϧʣ • ϒϧʔϞূ݊גࣜձࣾऔక໾$50 • 0NPUFTBOEPSC 3PQQPOHJSC 4IJOKVLVSCͱ͔ʹΑ͍͘· ͢ • ཱྀߦɾੈքͷίϫʔΩϯάεϖʔεΊ͙Γʢϫʔέʔγϣϯ తͳԿ͔ʣ͕޷͖ • झຯͰʲ੓࣏ࢿۚσʔλϕʔεʳΛ։ൃͯ͠·͢ ޷͖ͳόϯυ • -`"SDdFOd$JFM 1*&3305 THE FARM@NY CARR WORKPLACE@Chicago @free_world21

Slide 3

Slide 3 text

©2024 Bloomo Securities Inc. *OEFY ձࣾ঺հˍഎܠ঺հ ͦ΋ͦ΋҉߸Խͱ͸ʁ "DUJWF3FDPSE&ODSZQUJPOͷ঺հ "DUJWF3FDPSE&ODSZQUJPOͰ͸࣮ݱͮ͠Β͍ཁ݅ͷྫ ֤छ҉߸Խख๏͝঺հ attr_encryptedΛ࢖࣮ͬͨ૷ྫ ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷ঺հ ·ͱΊ • ࿩͞ͳ͍͜ͱɿ҉߸ԽΞϧΰϦζϜͱ͔ൿີܭࢉɾݕࡧͱ͔ • ର৅ऀɿ։ൃ͍ͯ͠Δ3BJMTΞϓϦͷσʔλ҉߸Խʹڵຯ͕͋Δਓ • ໨తɿ"DUJWF3FDPSE&ODSZQUJPO BUUS@FODSZQUFE MPDLCPYͷ֓ཁͱ͔͍ͭͲ͜ΖΛཧղ͢Δ͜ͱ • ൃදࢿྉ͸ޙ΄Ͳެ։͠·͢

Slide 4

Slide 4 text

Slide 5

Slide 5 text

©2024 Bloomo Securities Inc. ձࣾ঺հˍഎܠ঺հrϓϩμΫτػೳ ϙʔτϑΥϦΦػೳͰɺߴ౓ͳࢿ࢈ӡ༻ͷϋʔυϧΛԼ͍͛ͯΔ ϙʔτϑΥϦΦ౤ࢿػೳ ڞ༗ɾίϐʔػೳ ถࠃגɾ&5'Ͱཧ૝ͷϙʔτϑΥϦΦΛ࡞੒ͨ͠Βɺ ྆ସ΍ങ෇͸ϒϧʔϞ͕ࣗಈࣥߦͯ͘͠ΕΔɻ ෳ਺໏ฑ΁ͷ෼ࢄ౤ࢿ͕खؒͳ࣮͘ݱͰ͖Δ ʢϢʔβʔͷอ༗໏ฑ਺͸Ҏ্ʢ೔ຊฏۉͷഒఔ౓ʣʣ ॳ৺ऀͰ΋ϙʔτϑΥϦΦ࡞੒͕Մೳʹ ʢϢʔβʔͷׂҎ্͕ίϐʔ͔Β։࢝ʣ ઐ໳Ո΍ଞͷϢʔβʔͷϙʔτϑΥϦΦΛݟͯɺ ϫϯλοϓͰίϐʔͰ͖Δɻ

Slide 6

Slide 6 text

©2024 Bloomo Securities Inc. ձࣾ঺հˍഎܠ঺հr૑ۀ͔Β͜Ε·ͰͷาΈ ݄ ݄ ݄ ݄ ݄ ݄ ૑ۀ ূ݊ձࣾ ϥΠηϯεऔಘ ਖ਼ࣜϦϦʔε ʢҰൠެ։ʣ γʔυϥ΢ϯυ ԯԁௐୡ ট଴੍ϦϦʔε /*4"ޱ࠲ ఏڙ։࢝ ೥ͿΓͷূ݊ձࣾελʔτΞοϓͱ্ཱ͕ͯͪͬͨ͠ 個別株を取扱う証券会社スタートアップとしては、Finatext・FOLIO以来の存在。史上最速ペースで⾦商1種（証券会社）ライセンス取得・プロダクトリリースを続けてきた。

Slide 7

Slide 7 text

Slide 8

Slide 8 text

Slide 9

Slide 9 text

©2024 Bloomo Securities Inc. ձࣾ঺հˍഎܠ঺հrূ݊γεςϜΛ࡞Δ͏͑Ͱ • Կ͔גΛങ͏ͨΊʹ͸ূ݊ձࣾͷޱ࠲Λͭ͘Βͳ͚Ε͹͍͚ͳ͍ • ূ݊ձࣾʢͷγεςϜʣΛ࡞ΔͨΊʹ͸༷ʑͳཁ݅ʢ๏཯ͳͲʣΛकΒͳ͚Ε͹͍͚ͳ͍ • ηΩϡϦςΟʔपΓʹ΋ΑΓؾΛ࢖͏ඞཁ͕͋Δ • αΠόʔ߈ܸͳͲΛؚΉɺ৘ใηΩϡϦςΟʹؔ͢ΔڴҖ͕΋ͷ͍͢͝੎͍Ͱڧ·͍ͬͯΔ – ૬͙࣍ݸਓ৘ใྲྀग़ – ϥϯαϜ΢ΣΞʹΑΔඃ֐ʢχίχίಈըʣ ͓٬༷ʢ࢖͏ଆʣ໨ઢ ΤϯδχΞʢ࡞Δଆʣ໨ઢ

Slide 10

Slide 10 text

©2024 Bloomo Securities Inc. ͦ΋ͦ΋҉߸Խͱ͸ʁ҉߸ԽͱϋογϡԽ “小林ノエル” “m6mlF70S3Qoqt86hyUJzWxhwW6JYgyXgBPPJHrhvVAGQ” “$2a$10$aBy67z2lE8O/OO/Xfnr7ZO6sQCP948cWDM/9Mi fMGR5472nkfqGUW” “小林ノエル” ҉߸Խ ϋογϡԽ • σʔλΛಛఆͷ҉߸ݤΛ࢖ͬͯม׵͠ɺਖ਼͍͠ݤ͕ͳ͍ͱݩʹ໭ͤͳ͍Α͏ʹ͢Δॲཧ • σʔλͷػີੑΛอޢ͢ΔͨΊʹ࢖ΘΕΔ • σʔλΛҰํ޲ͷݻఆ௕ͷ஋ʹม׵͢Δ͜ͱͰɺݩͷσʔλʹ໭ͤͳ͍Α͏ʹ͢Δॲཧ • ओʹσʔλͷ੔߹ੑΛ֬ೝ͢ΔͨΊʹ࢖ΘΕΔ 🔑 ฏจ ҉߸จ ݩσʔλ ϋογϡ஋

Slide 11

Slide 11 text

©2024 Bloomo Securities Inc. ͦ΋ͦ΋҉߸Խͱ͸ʁͳͥ҉߸Խ͢Δͷ͔ • ೖޱରࡦɾ಺෦ରࡦɾग़ޱରࡦͷ͏ͪɺ಺෦ରࡦͷ͏ͪͷͭ – ೖޱରࡦ • ϑΝΠΞ΢ΥʔϧɾϑΟϧλʔ • ଟཁૉೝূɺ71/ͳͲ – ಺෦ରࡦ • σʔλ҉߸Խ • ϩά؂ࢹ – ग़ޱରࡦ • ௨৴Ͱ͖Δܦ࿏ΛߜΔ • ֎෦σόΠε΁ͷσʔλॻ͖ࠐΈ੍ݶ • Կ͔σʔλ͕ྲྀग़ͨ͠ͱ͖ͷඃ֐Λ཈͑ΔͨΊͷख๏

Slide 12

Slide 12 text

©2024 Bloomo Securities Inc. ͦ΋ͦ΋҉߸Խͱ͸r҉߸ԽΛ͢Δࡍʹߟྀ͢΂͖ϙΠϯτ • ҉߸ԽͷΞϧΰϦζϜ – %&4 "&4 34" &$$ ʜ – ΄ͱΜͲͷ৔߹ϑϨʔϜϫʔΫ΍ϥΠϒϥϦͷσϑΥϧτʢਪ঑ʣͷ΋ͷΛ࢖͑͹0, • ຊ೔ͷ͓࿩ͷείʔϓ֎ • ݤͷ؅ཧํ਑ – ҉߸ݤΛͲ͜ʹ͓͍ͯ୭͕؅ཧ͢Δͷ͔ʁ • ҉߸Խͷ୯Ґ – ͲͷΑ͏ͳ୯ҐͰ҉߸Խ͢Δ͔ • ΞϓϦέʔγϣϯ͢΂ͯΛͭͷݤͰҰׅ҉߸Խ • ͋Δఔ౓·ͱ·ͬͨ୯Ґʢςʔϒϧ͝ͱͱ͔ʣͰ҉߸ݤΛΘ͚Δ • Ϩίʔυ͝ͱʹ҉߸ݤΛΘ͚Δ • ݕࡧੑೳ – ҉߸Խͨ͠σʔλΛ%#ʹೖΕΔͱଟ͘ͷ৔߹Ͱݕࡧ͕Ͱ͖ͳ͘ͳΔ – ඞཁʹԠͯ͡ΞϓϦέʔγϣϯϨΠϠͰݕࡧػೳΛ࣮૷͢Δඞཁ͕͋Δ ݤͷ؅ཧํ਑ ҉߸Խͷ୯Ґ ݕࡧੑೳ

Slide 13

Slide 13 text

©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷ঺հr֓ཁͱ؆୯ͳ࢖͍ํͷ͝঺հ • 3BJMT "DUJWF3FDPSE ʹ૊Έࠐ·Ε͍ͯΔ҉߸Խػߏ – %#ʹอଘ͢Δͱ͖ʹ҉߸Խ͞Εͯอଘ͞ΕΔ – ΞϓϦέʔγϣϯ૚ɿฏจͱͯ͠ѻ͑Δɺ%#૚ɿ҉߸จͱͯ͠อଘ͞ΕΔ $ rails db:encryption:init Add this entry to the credentials of the target environment: active_record_encryption: primary_key: azc7QkZYSg9ll01TjBNpnURUnF42gt1s deterministic_key: U987a4KAnhfA5oAQrLY7pYaTqysIYqqE key_derivation_salt: puoi8lJbvyM4FQErFYJ26BFuE1OJLHtf secret_key_base: hogehogefugafuga…… active_record_encryption: primary_key: azc7QkZYSg9ll01TjBNpnURUnF42gt1s deterministic_key: U987a4KAnhfA5oAQrLY7pYaTqysIYqqE key_derivation_salt: puoi8lJbvyM4FQErFYJ26BFuE1OJLHtf config/credentials.yml.enc にそのままコピペ

Slide 14

Slide 14 text

Slide 15

Slide 15 text

©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷ঺հr֓ཁͱ؆୯ͳ࢖͍ํͷ͝঺հ • ҉߸ݤ͸ଐੑ͝ͱʹจࣈྻ΍ΧελϜΩʔϓϩόΠμΛࢦఆՄೳ class PersonalInfo < ApplicationRecord encrypts :first_name, key: "some secret key for personal_info" encrypts :last_name, key_provider: PersonalInfoKeyProvider.new end • ܾఆ࿦త҉߸ԽΛ࢖͑͹ݕࡧ΋Մೳ class PersonalInfo < ApplicationRecord encrypts :first_name, deterministic: true encrypts :last_name, deterministic: true end

Slide 16

Slide 16 text

©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷ঺հrʲ҉߸ԽΛ͢Δࡍʹߟྀ͢΂͖ϙΠϯτʳʹরΒ͠߹ΘͤΔͱ • ݤͷ؅ཧํ਑ – config/credentials.yml.enc ʹهࡌ – ΧελϜΩʔϓϩόΠμΛ࢖͑͹ϓϩάϥϜతʹऔಘՄೳʢྫɿ,.4 4FDSFU.BOBHFS ౳ʣ • ҉߸Խͷ୯Ґ – σϑΥϧτͰ͸୯ҰͷݤͰ͢΂ͯͷର৅σʔλΛ҉߸Խ – ΧελϜΩʔϓϩόΠμΛ࢖͑͹ɺΫϥεʢςʔϒϧʣ͝ͱʹ෼͚Δ͜ͱ΋Մೳ • ݕࡧੑೳ – σϑΥϧτͰ͸ඇܾఆ࿦త҉߸ԽʢݕࡧෆՄೳʣ – ܾఆ࿦త҉߸ԽϞʔυʹ͢Ε͹ݕࡧՄೳ ݤͷ؅ཧํ਑ ҉߸Խͷ୯Ґ ݕࡧੑೳ

Slide 17

Slide 17 text

©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͰ͸࣮ݱͮ͠Β͍ཁ݅rۚ༥ػؔΛྫʹ • ݤͷ؅ཧํ਑ – ਓ͕ؒ؅ཧͨ͘͠ͳ͍ – ʢ͜͜͸"DUJWF3FDPSE&ODSZQUJPOͰ΋࣮ݱͰ͖Δʣ • ҉߸Խͷ୯Ґ – ձࣾͦͷ΋ͷͷੑ࣭ˍѻ͏σʔλͷॏཁੑ͔ΒɺϨίʔυ͝ͱʹҟͳΔ҉߸ݤΛ࢖͍͍ͨ • ݸਓ৘ใ • ϚΠφϯόʔʢҰ࣌తʣ • ຊਓ֬ೝॻྨը૾ʢ໔ڐূͳͲʣ • ʢΫϨδοτΧʔυ൪߸ʣ • ݕࡧੑೳ – ͓٬༷͔Βͷ໰͍߹Θ͕ͤ͋ͬͨͱ͖ʹɺຊਓ֬ೝͷͨΊʹҰఆ߲໨Ͱͷݕࡧ͸ඞཁ • ໊લͱੜ೥݄೔ • ॅॴ ݤͷ؅ཧํ਑ ҉߸Խͷ୯Ґ ݕࡧੑೳ

Slide 18

Slide 18 text

©2024 Bloomo Securities Inc. ֤छ҉߸Խख๏͝঺հrattr_encryptedͱlockbox • 3BJMT✕҉߸ԽͰ͸Ұ൪ྺ࢙͕ݹ͍ – "DUJWF3FDPSE&ODSZQUJPOҎલ͔Β͋Δ – 'JSTUSFMFBTF • ଟ͘ͷࢀߟจݙ͕͋Δ • খྛࣗ਎͕ੲ͔Β࢖ͬͯͨܦݧ͕͋Δ • attr_encrypted ͷݱ୅൛తͳҐஔ͚ͮ • ࢖͍ํ͸"DUJWF3FDPSE&ODSZQUJPO΍attr_encryptedͱ͍͍ͩͨಉ͡ • "DUJWF3FDPSE&ODSZQUJPOΑΓগ͚ͩ͠લʹॳظϦϦʔε – "DUJWF3FDPSE&ODSZQUJPO 3BJMT – lockboxGJSTUSFMFBTF attr_enctypted lockbox

Slide 19

Slide 19 text

©2024 Bloomo Securities Inc. attr_encryptedΛ࢖࣮ͬͨ૷ྫr҉߸ݤͷ؅ཧํ਑ͷΦϓγϣϯ ؀ڥม਺ʹฏจͷ҉߸ݤΛஔ͘ – Ұ൪γϯϓϧͰ؆୯͕ͩ੬ऑ 4FDSFU.BOBHFSͳͲΞϓϦέʔγϣϯαʔόͷ֎ʹฏจͷ҉߸ݤΛஔ͘ – 👆ΑΓ͸҆શ͕ͩґવͱͯ͠ਓ͕ؒ؅ཧ͢Δඞཁ͕͋Δ 3BJMTͷ&ODZQUFE$SFEFOUJBMTΛ࢖͏ – credentials.yml.encΛෳ߹͢Δݤʢmaster.keyʣΛͲ͏͢Δ͔ͱ͍͏໰୊͸ݦࡏ – ΍ͬͺΓਓ͕ؒ؅ཧ͢Δඞཁ͕͋Δ ,FZ.BOBHFNFOU4FSJWDFΛ͔ͭ͏ – "84 ($1 "[VSFͳͲɺΫϥ΢υϓϩόΠμͳΒجຊతʹ͸ఏڙͯ͠Δ

Slide 20

Slide 20 text

©2024 Bloomo Securities Inc. attr_encryptedΛ࢖࣮ͬͨ૷ྫr,FZ.BOBHFNFOU4FSWJDFͱ͸ʢ"84Λྫʹʣ • $VTUPNFS.BTUFS,FZʢ$.,ʣΛࢦఆͯ͠ɺEBUBLFZʢ৽͍͠҉߸ݤʣΛཁٻ͢Δ – " • ҎԼͷ΋ͷ͕,.4͔Βฦͬͯ͘Δ – "ฏจͷ҉߸ݤ – #"͕҉߸Խ͞Εͨ΋ͷ • ҉߸Խɿ"Ͱ҉߸Խͯ͠ɺͦΕ͸ফڈɻ#Λ%#ͳͲʹอଘ͓ͯ͘͠ɻ • ෮߸Խɿ#Λ,.4ʹ౤͚͛ͭΔͱ෮߸Խͯ͠ฦͯ͘͠ΕΔʢ"ΛಘΒΕΔʣͷͰɺσʔλຊମ Λ"Ͱ෮߸Խ͢Δ CMK has_many :data_keys

Slide 21

Slide 21 text

©2024 Bloomo Securities Inc. attr_encryptedΛ࢖࣮ͬͨ૷ྫr,.4Λ࢖ͬͨϨίʔυ͝ͱͷ҉߸Խ࣮૷ྫ ,.4͔Βऔಘͨ͠ʲ҉߸Խ͞Εͨ҉߸ݤ # ʳΛอଘ͢ΔͨΊͷΧϥϜ encrypted_data_keyΛ҉߸Խର৅Ϋϥεʢςʔϒϧʣʹ௥Ճ ԼهͷΑ͏ͳϝιουΛ΋ͭmoduleΛఆٛ module KmsKey def data_key kms_client = Aws::KMS::Client.new(region: aws_region) if self.encrypted_data_key kms_client.decrypt(ciphertext_blob: self.encrypted_data_key) else resp = kms_client.generate_data_key( key_id: Rails.application.config.x.common['kms_cmk_id’], key_spec: 'AES_256’, ) self.encrypted_data_key = resp.ciphertext_blob resp.plaintext end end

Slide 22

Slide 22 text

©2024 Bloomo Securities Inc. attr_encryptedΛ࢖࣮ͬͨ૷ྫr,.4Λ࢖ͬͨϨίʔυ͝ͱͷ҉߸Խ࣮૷ྫ ҉߸Խର৅ϑΟʔϧυΛఆٛ class PersonalInfo < ApplicationRecord include KmsKey attr_encrypted :first_name, key: :data_key, algorithm: 'aes-256-gcm’ attr_encrypted :last_name, key: :data_key, algorithm: 'aes-256-gcm'

Slide 23

Slide 23 text

©2024 Bloomo Securities Inc. attr_encryptedΛ࢖࣮ͬͨ૷ྫr,.4Λ࢖ͬͨϨίʔυ͝ͱͷ҉߸Խ࣮૷ྫ Ϩίʔυ͝ͱʹ҉߸ݤΛม͑ͭͭɺಁաతʹѻ͑ΔΑ͏ʹͳΔ personal_info.first_name = ”ϊΤϧ” personal_info.last_name = “খྛ” personal_info.save! personal_info = PersonalInfo.find(1) puts personal_info.first_name # => “ϊΤϧ” puts personal_info.last_name # => “খྛ”

Slide 24

Slide 24 text

©2024 Bloomo Securities Inc. attr_encryptedΛ࢖࣮ͬͨ૷ྫrΞοϓϩʔυը૾ͷ҉߸Խ class IdDocumentImage < ApplicationRecord include KmsKey mount_uploader :uploader, IdDocumentImageUploader before_save :encrypt_file! def encrypt_file! iv = Cipher.generate_iv self.uploader_iv = Base64.strict_encode64(iv) cipher = Cipher.new(key: data_key, cipher_iv: iv) resp = cipher.encrypt(value: uploader.file.read) File.binwrite(uploader.file.path, resp) end • DBSSJFSXBWFΛྫʹ͝঺հ • Ϩίʔυ͝ͱʹ҉߸ݤΛม͑ͭͭɺΞοϓϩʔυը૾ͦͷ΋ͷ΋҉߸Խͯ͠อଘ

Slide 25

Slide 25 text

©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷ঺հr҉߸Խͭͭ͠ݕࡧՄೳʹ͢ΔΦϓγϣϯ ܾఆ࿦త҉߸ԽΛ࢖͏ – "DUJWF3FDPSE&ODSZQUJPO͕࠾༻͍ͯ͠Δํ਑ – ಉ͡҉߸ԽݤͰ҉߸Խ͍ͯ͠Δσʔλ܊ʹରͯ͠͸Մೳͳख๏ &MBTUJD4FBSDIͳͲͷݕࡧϞδϡʔϧΛ༻ҙ͠ɺͦ͜ʹฏจͷσʔλΛ֨ೲ͢Δ – &MBTUJD4FBSDI͸ΞϓϦέʔγϣϯαʔό͔ΒͷΈΞΫηεՄೳͰɺܦ࿏΍ྖҬ͸҆શͱ ͍͏લఏ ݕࡧ࣌͸ΞϓϦέʔγϣϯαʔό಺ͰҰׅෳ߹ͯ͠ɺίʔυ্Ͱݕࡧ͢Δ – PersonalInfo.all.eachΈ͍ͨʹ͢ΔΠϝʔδ ݕࡧ༻ʹର৅ϑΟʔϧυʢࢯ໊ɺॅॴͳͲʣͷϋογϡ஋Λผςʔϒϧʹอଘ͢Δ – ׬શҰகͷݕࡧͷΈՄೳ

Slide 26

Slide 26 text

©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷ঺հr҉߸Խର৅σʔλΛอଘͭͭ͠ݕࡧ༻)BTIΛ࡞੒͢Δྫ class PersonalInfoHash < ApplicationRecord belongs_to :personal_info end class PersonalInfo < ApplicationRecord include KmsKey …… has_many :personal_info_hashes • PersonalInfoHashϞσϧʢςʔϒϧʣΛఆٛ – key: string – value: string

Slide 27

Slide 27 text

©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷ঺հr҉߸Խର৅σʔλΛอଘͭͭ͠ݕࡧ༻)BTIΛ࡞੒͢Δྫ class PersonalInfo < ApplicationRecord after_save :save_hashes def save_hashes save_name_hash save_tel_hash ... end def save_name_hash raw_value = last_name + first_name pi_hash = personal_info_hashes.find_or_initialize_by(key: 'last_name_and_first_name’) pi_hash.value = BCrypt::Engine.hash_secret(raw_value, ENV['HASH_SALT’]) pi_hash.save! end • after_save ͱ͔ͰPersonalInfo ͷϨίʔυͱҰॹʹ࡞Δ • ҉߸ֶత)BTIؔ਺͸ͱΓ͋͑ͣBcrypt࢖͓͚ͬͯ͹ྑͦ͞͏

Slide 28

Slide 28 text

©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷ঺հr҉߸Խର৅σʔλΛอଘͭͭ͠ݕࡧ༻)BTIΛ࡞੒͢Δྫ hash_value = BCrypt::Engine.hash_secret(searching_value, ENV['HASH_SALT’]) personal_infos = PersonalInfoHash .where(key: 'last_name_and_first_name', hash_value: hash_value) .map(&:personal_info) • ݕࡧ͢Δͱ͖͸ݕࡧϫʔυͷϋογϡ஋Λܭࢉͯ͠ݕࡧ

Slide 29

Slide 29 text

©2024 Bloomo Securities Inc. ·ͱΊ Ұׅ҉߸Խ ςʔϒϧ͝ͱʹ҉߸Խ Ϩίʔυ͝ͱʹ҉߸Խ ؀ڥม਺ 4FDSFU.BOBHFS DSFEFOUJMBTZNMFOD ,.4 ܾఆ࿦త҉߸ԽʹΑΔݕࡧ &MBTUJD4FBSDI ۪௚ݕࡧ ϋογϡԽʹΑΔݕࡧ "DUJWF3FDPSE&ODSZQUJPO attr_encrypted lockbox ॳظϦϦʔε 3BJMT ఏڙݩ CVJMUJO HFN HFN σϑΥϧτͷ࢖͍ํ ΧελϚΠζ͢Ε͹Ͱ͖Δ • ࠓճ͝঺հͨ͠ํ๏Λಛੑ͝ͱʹ·ͱΊ·͢ ҉߸Խͷ ୯Ґ ҉߸ݤͷ ؅ཧ ݕࡧख๏

Slide 30

Slide 30 text

©2024 Bloomo Securities Inc. ·ͱΊr"DUJWF3FDPSE&ODSZQUJPO Ұׅ҉߸Խ ςʔϒϧ͝ͱʹ҉߸Խ Ϩίʔυ͝ͱʹ҉߸Խ ؀ڥม਺ 4FDSFU.BOBHFS DSFEFOUJMBTZNMFOD ,.4 ܾఆ࿦త҉߸ԽʹΑΔݕࡧ &MBTUJD4FBSDI ۪௚ݕࡧ ϋογϡԽʹΑΔݕࡧ "DUJWF3FDPSE&ODSZQUJPO attr_encrypted lockbox ॳظϦϦʔε 3BJMT ఏڙݩ CVJMUJO HFN HFN σϑΥϧτͷ࢖͍ํ ΧελϚΠζ͢Ε͹Ͱ͖Δ • େ఍ͷཁ݅͸ຬͨͤΔ • ಋೖͷෑډ΋௿͍ – config.active_record.encryption.support_unencrypted_data = true ҉߸Խͷ ୯Ґ ҉߸ݤͷ ؅ཧ ݕࡧख๏

Slide 31

Slide 31 text

©2024 Bloomo Securities Inc. ·ͱΊrBUUS@FODSZQUFEMPDLCPY Ұׅ҉߸Խ ςʔϒϧ͝ͱʹ҉߸Խ Ϩίʔυ͝ͱʹ҉߸Խ ܾఆ࿦త҉߸ԽʹΑΔݕࡧ &MBTUJD4FBSDI ۪௚ݕࡧ ϋογϡԽʹΑΔݕࡧ "DUJWF3FDPSE&ODSZQUJPO attr_encrypted lockbox ॳظϦϦʔε 3BJMT ఏڙݩ CVJMUJO HFN HFN σϑΥϧτͷ࢖͍ํ ΧελϚΠζ͢Ε͹Ͱ͖Δ • "DUJWF3FDPSE&ODSZQUJPOͰཁ͕݅ຬͨͤͳ͍৔߹ʢϨίʔυ͝ͱ҉߸ԽͳͲʣʹݕ౼ • ,.4ར༻ kms_encrypted ɺϋογϡԽݕࡧ blind_index ͸ผͷgem͕͋Δ • ৽نҊ݅ͳΒlockboxɺطଘίʔυΛ࢖͍·Θ͍ͨ͠৔߹͸attr_encrypted ҉߸Խͷ ୯Ґ ҉߸ݤͷ ؅ཧ ݕࡧख๏ ؀ڥม਺ 4FDSFU.BOBHFS DSFEFOUJMBTZNMFOD ,.4