Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ideas #155

Open
21 tasks
ankane opened this issue Jun 12, 2022 · 0 comments
Open
21 tasks

Ideas #155

ankane opened this issue Jun 12, 2022 · 0 comments

Comments

@ankane
Copy link
Owner

ankane commented Jun 12, 2022
edited

Please create a new issue to discuss any ideas or share your own.

2.0

  • Change previous_versions to inherit top-level values (add warning first) - Unable to rotate encryption for fields having custom key_table #180
  • Don't return virtual attributes in attribute methods (attributes, attribute_names, has_attribute?) unless the ciphertext attribute is present
  • Drop support for Ruby < 3, Rails < 6.1, and Mongoid < 7

Ideas

  • Add binary option to replace encode (and eventually encode by default for Lockbox.new)
  • Decode to UTF-8 unless binary: true - utf8 branch
  • (breaking) Don't encode in Base64 for binary database fields if simple to implement
  • (breaking) Create new blobs when blobs are attached without encrypted flag
  • Prefer encrypt_attribute and decrypt_attribute over generate_attribute_ciphertext and decrypt_attribute_ciphertext
  • Add support for cache stores (Lockbox::Redis and Lockbox::Dalli - cache_stores branch - or Lockbox::Cache::Store for Active Support cache store)
  • Use Fiddle for Libsodium - libsodium branch
  • Warn (and eventually throw error) if the master key is passed to Lockbox.new
  • Require allow_empty option to encrypt empty string without padding
  • Encrypt empty strings in database fields - model_empty_string branch
  • Add support for encrypted Active Storage service (can wrap any other service) - more useful in 6.1+ since multiple services are supported (blocked since encryption needs to happen before checksum is computed)
  • Store the encryption version to make it easy to see which data has been rotated and avoid trying multiple keys. Could be done in an optional new field (email_ciphertext_version, license_version, blob metadata) or directly in the ciphertext (needs to work for files/binary data)
  • Default padding for encoded strings to reduce data leakage (cons: less standard, slightly more space)
  • Prefer ActiveSupport.on_load(:action_text_rich_text) { ActionText::RichText.encrypts :body } over Lockbox.encrypts_action_text_body (more code but less magic)
  • Add pretty_print method (similar to inspect)

On hold

  • Support for streaming encryption (probably not needed) - streaming branch
  • Better support for KMS (store key in data/metadata instead of DB) - kms_encrypt branch
  • Shrine support - shrine branch - WIP
Repository owner locked and limited conversation to collaborators Jun 12, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ankane