README.markdown in pgcrypto-0.1.1 vs README.markdown in pgcrypto-0.2.0

- old
+ new

@@ -5,26 +5,28 @@ so I make no promises as to its efficacy in the real world beyond my tiny, Rails-3.2-based utopia. Installation - -You need to have PGCrypto installed before this guy will work. [LMGTFY](http://lmgtfy.com/?q=how+to+install+pgcrypto). +PGCrypto will load the `pgcrypto` extension into your database if you haven't already, but this change will NOT get propagated +to your schema.rb file, so... go figure. You'll have to `CREATE EXTENSION IF NOT EXISTS pgcrypto` any database built from the +schema file (**HINT** that means your test databases). Anyway, do the following. -1. Add this to your Gemfile: +1. Add pgcrypto to your Gemfile: gem "pgcrypto" -2. Do this now: +2. Then bundle it: bundle 3. Generate the migration and the initializer: rails g pgcrypto:install rake db:migrate -4. Edit the initializer in `config/initializers/pgcrypto.rb` to point out your public and private GPG keys: +4. Edit the initializer in `config/initializers/pgcrypto.rb` to point to your public and private GPG keys: PGCrypto.keys[:private] = {:path => "~/.keys/private.key"} PGCrypto.keys[:public] = {:path => "~/.keys/public.key"} 5. Tell the User class to encrypt and decrypt the `social_security_number` attribute on the fly: @@ -46,11 +48,11 @@ a GPG-encrypted column that can only be decrypted with your secure key. Keys - -If you want to bundle your public key with your application, PGCrypto will automatically load `#{Rails.root}/.pgcrypto`, +If you want to bundle your public key with your application, PGCrypto will automatically load `RAILS_ROOT/.pgcrypto`, so feel free to put your public key in there. You can also tell PGCrypto about your keys in a number of fun ways. The most straightforward is to assign the actual content of the key manually: PGCrypto.keys[:private] = "-----BEGIN PGP PRIVATE KEY BLOCK----- ..." @@ -58,27 +60,16 @@ PGCrypto.keys[:private] = {:path => ".private.key", :armored => false, :password => "myKeyPASSwhichizneededBRO"} This is especially important if you password protect your private key files (and you SHOULD, for the record)! -You can also specify different keys for different purposes: +I recommend deploy-time passing of your private key and password, to ensure it doesn't wind up in any long-term +storage on your server, since if you're using this library you presumably care a little bit about security: - PGCrypto.keys[:user_public] = {:path => '.user_public.key'} - PGCrypto.keys[:user_private] = {:path => '.user_private.key'} - -If you do that, just tell PGCrypto which keys to use on which columns, using an optional hash on the end of the `pgcrypto` call: - - class User < ActiveRecord::Base - pgcrypto :social_security_number, :private_key => :user_private, :public_key => :user_public - end - -I recommend deploy-time passing of your private key and password, to ensure it -doesn't wind up in any long-term storage on the server: - PGCrypto.keys[:private] = {:value => ENV['PRIVATE_KEY'], :password => ENV['PRIVATE_KEY_PASSWORD']} -Warranty +Warranty (or lack thereof) - As I mentioned before, this library is one HUGE hack. This is just scratching the surface of keeping your data secure. For example, if you don't protect your log files, anyone who can read them can get your private and public keys and decrypt whatever the hell they want. You'll also have to scrub your logs, because un-encrypted data is displayed right @@ -87,13 +78,7 @@ Basically, this will make it easy to start with asymmetric, GPG-based, column-level encryption in PostgreSQL. But that's about it; the rest is up to you. **As such,** the author and Delightful Widgets Inc. offer ***ABSOLUTELY NO GODDAMN WARRANTY***. As I mentioned, this works great in our Rails 3.2 world, but YMMV if your version of Arel or ActiveRecord are ahead or behind ours. Sorry, folks. - -WTF NO TESTS?!! -- - -Nope. We built this inside of a production application, and used its test suite to debug everything. Since this is really just -a preview release, I haven't written a suite for it yet. Sorry. Copyright (C) 2012 Delightful Widgets, Inc. Built by Flip Sasser, Monkeypatcher Extraordinaire!