
Introduce AR::Encryption

Takumi Shotoku
September 02, 2021


Transcript

  1. Self-introduction
     • Name: 神速
     • Company: メドピア株式会社 (MedPeer, Inc.)
     • Team: CTO Office, SRE
     • GitHub: @sinsoku (image, top right)
     • Twitter: @sinsoku_listy (image, bottom right)

  4. With deterministic: true, the ciphertext is the same string every time

     ```ruby
     Author.create(email: '[email protected]')
     # TRANSACTION (0.0ms) begin transaction
     # Author Create (1.1ms) INSERT INTO "authors" ("email", "created_at", "updated_at") VALUES (?, ?, ?) \
     # [["email", "{\"p\":\"zicjhoOToWeYJ8SLsHr0\",\"h\":{\"iv\":\"er70ewKN9j8AAd1m\",\"at\":\"BuSV3TSxAZkM8t/uD0UvtA==\"}}"], \
     # ["created_at", "2021-07-09 06:39:53.651449"], ["updated_at", "2021-07-09 06:39:53.651449"]]
     # TRANSACTION (0.9ms) commit transaction
     #=> #<Author:0x00007fe1e11d51f8 id: 2, email: "[email protected]", created_at: Fri, 09 Jul 2021 06:39:53.651449000 UTC +00:00, \
     # updated_at: Fri, 09 Jul 2021 06:39:53.651449000 UTC +00:00>

     Author.create(email: '[email protected]')
     # TRANSACTION (0.0ms) begin transaction
     # Author Create (0.4ms) INSERT INTO "authors" ("email", "created_at", "updated_at") VALUES (?, ?, ?) \
     # [["email", "{\"p\":\"zicjhoOToWeYJ8SLsHr0\",\"h\":{\"iv\":\"er70ewKN9j8AAd1m\",\"at\":\"BuSV3TSxAZkM8t/uD0UvtA==\"}}"], \
     # ["created_at", "2021-07-09 06:39:54.587980"], ["updated_at", "2021-07-09 06:39:54.587980"]]
     # TRANSACTION (1.1ms) commit transaction
     #=> #<Author:0x00007fe1c1143a20 id: 3, email: "[email protected]", created_at: Fri, 09 Jul 2021 06:39:54.587980000 UTC +00:00, \
     # updated_at: Fri, 09 Jul 2021 06:39:54.587980000 UTC +00:00>
     ```
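  5. Encrypting existing columns (2)

     When there are many records, using upsert_all seems better.

     ```ruby
     # Attribute type of the encrypted column; #serialize returns the value as it is stored.
     type = Article.attribute_types["title"]

     # Process records in batches and write each batch back with a single statement.
     Article.find_in_batches do |group|
       attributes = group.pluck(:id, :title).map do |id, title|
         { id: id, title: type.serialize(title) }
       end
       Article.upsert_all(attributes, unique_by: :id)
     end
     ```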

  7. Backport (2)

     ```ruby
     # config/application.rb
     require 'active_record/encryption'

     ActiveRecord::Railtie.initializer "active_record_encryption.configuration" do |app|
       # Variable equivalent to config.active_record.encryption
       config_encryption = ActiveSupport::OrderedOptions.new

       ActiveRecord::Encryption.configure \
         primary_key: app.credentials.dig(:active_record_encryption, :primary_key),
         deterministic_key: app.credentials.dig(:active_record_encryption, :deterministic_key),
         key_derivation_salt: app.credentials.dig(:active_record_encryption, :key_derivation_salt),
         **config_encryption

       # (rest omitted)
     end
     ```
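
As an added illustration of the `deterministic: true` slide (not code from the deck or from Rails), the sketch below models deterministic encryption by deriving the AES-256-GCM IV from an HMAC of the plaintext, and shows that anyone who can read the stored column can then tell which rows hold the same value. The key, the helper names and the e-mail addresses are constructed for the example, and using one key for both the HMAC and the cipher is a simplification.

```ruby
require "openssl"
require "base64"
require "json"

# Constructed demo key (32 bytes); a real app loads its keys from credentials.
DEMO_KEY = OpenSSL::Digest::SHA256.digest("constructed demo key")
B64 = ->(bytes) { Base64.strict_encode64(bytes) }

# AES-256-GCM; output shaped like the logged payload: "p" is the ciphertext,
# "h" holds the IV ("iv") and the authentication tag ("at").
def encrypt(plaintext, key: DEMO_KEY, deterministic: false)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  iv = if deterministic
    # IV depends only on key and plaintext: equal inputs give equal payloads.
    OpenSSL::HMAC.digest("SHA256", key, plaintext)[0, cipher.iv_len]
  else
    OpenSSL::Random.random_bytes(cipher.iv_len)
  end
  cipher.iv = iv
  ciphertext = cipher.update(plaintext) + cipher.final
  JSON.generate("p" => B64.(ciphertext),
                "h" => { "iv" => B64.(iv), "at" => B64.(cipher.auth_tag) })
end

def decrypt(payload, key: DEMO_KEY)
  data = JSON.parse(payload)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = Base64.strict_decode64(data["h"]["iv"])
  cipher.auth_tag = Base64.strict_decode64(data["h"]["at"])
  cipher.update(Base64.strict_decode64(data["p"])) + cipher.final
end

# What a reader of the stored column alone learns: which rows share a value.
def duplicate_groups(rows)
  rows.group_by { |_id, stored| stored }.values
      .map { |group| group.map(&:first) }
      .select { |ids| ids.size > 1 }
end

# Constructed sample rows: [id, email]
SAMPLE = [[1, "alice@example.test"], [2, "bob@example.test"], [3, "alice@example.test"]]

def stored_rows(deterministic:)
  SAMPLE.map { |id, email| [id, encrypt(email, deterministic: deterministic)] }
end

p duplicate_groups(stored_rows(deterministic: true))
p duplicate_groups(stored_rows(deterministic: false))
```

Equal payloads are what make equality lookups on an encrypted column possible, and they are also why deterministic mode suits only columns where revealing "these rows match" is acceptable.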