Ideas #155

Open
@ankane

Please create a new issue to discuss any ideas or share your own.

3.0

Ideas

  • Add binary option to replace encode (and eventually encode by default for Lockbox.new)
  • Decode to UTF-8 unless binary: true - utf8 branch
  • (breaking) Don't encode in Base64 for binary database fields if simple to implement
  • (breaking) Create new blobs when blobs are attached without encrypted flag
  • Prefer encrypt_attribute and decrypt_attribute over generate_attribute_ciphertext and decrypt_attribute_ciphertext
  • Add support for cache stores (Lockbox::Redis and Lockbox::Dalli - cache_stores branch - or Lockbox::Cache::Store for Active Support cache store)
  • Use Fiddle for Libsodium - libsodium branch
  • Warn (and eventually throw error) if the master key is passed to Lockbox.new
  • Require allow_empty option to encrypt empty string without padding
  • Encrypt empty strings in database fields - model_empty_string branch
  • Add support for encrypted Active Storage service (can wrap any other service) - more useful in 6.1+ since multiple services are supported (blocked since encryption needs to happen before checksum is computed)
  • Store the encryption version to make it easy to see which data has been rotated and avoid trying multiple keys. Could be done in an optional new field (email_ciphertext_version, license_version, blob metadata) or directly in the ciphertext (needs to work for files/binary data)
  • Default padding for encoded strings to reduce data leakage (cons: less standard, slightly more space)
  • Prefer ActiveSupport.on_load(:action_text_rich_text) { ActionText::RichText.encrypts :body } over Lockbox.encrypts_action_text_body (more code but less magic)
  • Add pretty_print method (similar to inspect)

On hold

  • Support for streaming encryption (probably not needed) - streaming branch
  • Better support for KMS (store key in data/metadata instead of DB) - kms_encrypt branch
  • Shrine support - shrine branch - WIP
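
For the idea above of storing the encryption version directly in the ciphertext, here is one possible layout as an added sketch; it is not Lockbox's code or wire format. The keyring, the one-byte version header and the function names are assumptions made for illustration, using AES-256-GCM from Ruby's OpenSSL bindings.

```ruby
require "openssl"

# Constructed keyring for this sketch: key version => 32-byte key (random per run).
KEYRING = {
  1 => OpenSSL::Random.random_bytes(32), # older key, still needed for reads
  2 => OpenSSL::Random.random_bytes(32)  # current key
}.freeze
CURRENT_VERSION = 2
NONCE_LEN = 12
TAG_LEN = 16

# Assumed layout: version (1 byte) || nonce (12) || ciphertext || tag (16).
# All fields are raw bytes, so it works for files and binary data.
def encrypt_versioned(plaintext, version: CURRENT_VERSION)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = KEYRING.fetch(version)
  nonce = cipher.random_iv
  header = [version].pack("C")
  cipher.auth_data = header # authenticate the version byte with the data
  body = plaintext.empty? ? cipher.final : cipher.update(plaintext) + cipher.final
  header + nonce + body + cipher.auth_tag
end

# Returns [version, plaintext]; picks the key from the header instead of
# trying each key in turn.
def decrypt_versioned(blob)
  blob = blob.b
  raise ArgumentError, "ciphertext too short" if blob.bytesize < 1 + NONCE_LEN + TAG_LEN
  version = blob.getbyte(0)
  key = KEYRING.fetch(version) { raise ArgumentError, "unknown key version #{version}" }
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = blob.byteslice(1, NONCE_LEN)
  cipher.auth_tag = blob.byteslice(-TAG_LEN, TAG_LEN)
  cipher.auth_data = blob.byteslice(0, 1)
  body = blob.byteslice(1 + NONCE_LEN, blob.bytesize - 1 - NONCE_LEN - TAG_LEN)
  [version, body.empty? ? cipher.final : cipher.update(body) + cipher.final]
end

# True when a record was written under an older key and should be re-encrypted.
def needs_rotation?(blob)
  blob.getbyte(0) != CURRENT_VERSION
end
```

Because the version byte is passed as associated data, changing it in storage makes decryption fail instead of silently selecting a different key.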
