test/config/symmetric-encryption.yml in symmetric-encryption-2.2.0 vs test/config/symmetric-encryption.yml in symmetric-encryption-3.0.0

@@ -3,10 +3,11 @@
 #
 ---
 test:
   # Test RSA Key, DO NOT use this RSA key, generate a new one using
   #    openssl genrsa 2048
+  # Or use the rails generator to create a new config file as described in the readme
   private_rsa_key: |
     -----BEGIN RSA PRIVATE KEY-----
     MIIEpAIBAAKCAQEAxIL9H/jYUGpA38v6PowRSRJEo3aNVXULNM/QNRpx2DTf++KH
     6DcuFTFcNSSSxG9n4y7tKi755be8N0uwCCuOzvXqfWmXYjbLwK3Ib2vm0btpHyvA
     qxgqeJOOCxKdW/cUFLWn0tACUcEjVCNfWEGaFyvkOUuR7Ub9KfhbW9cZO3BxZMUf
@@ -34,20 +35,49 @@
     r1URaMAun2PfAB4g2N/kEZTExgeOGqXjFhvvjdzl97ux2cTyZhaTXg==
     -----END RSA PRIVATE KEY-----
 
   ciphers:
     # Current / Newest Symmetric Encryption Key
-    - key_filename: test/config/test_new.key
-      iv_filename:  test/config/test_new.iv
-      cipher_name:  aes-128-cbc
+    #
+    # To manually generate new keys once this file has been generated:
+    #   require 'symmetric_encryption'
+    #   SymmetricEncryption.generate_symmetric_key_files('this_file_name.yml', 'production')
+    -
+      key_filename:      test/config/test_new.key
+      iv_filename:       test/config/test_new.iv
+      cipher_name:       aes-128-cbc
       # Base64 encode encrypted data without newlines
-      encoding:     base64strict
-      version:      1
+      encoding:          base64strict
+      version:           2
+      always_add_header: true
 
-    # Previous Symmetric Encryption Key
-    - key_filename: test/config/test_secondary_1.key
-      iv_filename:  test/config/test_secondary_1.iv
-      cipher_name:  aes-128-cbc
+    # Prior Symmetric Encryption Key specified in environment variable
+    -
+      # Base64 encoded and RSA encrypted, encryption key
+      # encrypted_key can be used for retrieving the encrypted key from a source
+      # other than a local file.
+      #
+      # Example:
+      #  # An environment variable:
+      #  encrypted_key:   <%= ENV['KEY'] %>
+      #
+      # NOTE: Do not put the encrypted key directly in this file. It is only here
+      #       for testing purposes
+      encrypted_key:     <%= 'xFAsZ73PThktyo76PoNQGYnjCJUAd4+Yaz71bO5FajshXsbjkfZjjvbK9hxzWLr+C7X67hcrTypVHB1Rw0De8lRDqexlc87sTx1wtlz70lOvTBXt9Lv4sbJNLxacuqk545LIJpgK02Dq7FGzACV3jb3Yk+QQngiscETYM6PyiuFpReFB0qFOgCSLeBJsXAdNdqkEZggl8PL+lGDueDGeKUng+Ic/AFWPhJGYkk3xV++AGwUFXdDQeuHllxmV9WlzriHnDwzbfugkfGaRjWn808VXrv9Jgf2yRy++gOYUvRnjZ1ltOgXUEEmBVF2Uvhu+zs6C/D4cb1mkR7911M5naA==' %>
+      # For testing purposes only, the above RSA encrypted key is just:
+      #   key:               ABCDEF1234567890
+      iv:                1234567890ABCDEF
+      cipher_name:       aes-128-cbc
       # Base64 encode encrypted data without newlines
-      encoding:     base64
-      version:      0
+      encoding:          base64strict
+      version:           1
+      always_add_header: false
 
+    # First Symmetric Encryption Key
+    -
+      key_filename:      test/config/test_secondary_1.key
+      iv_filename:       test/config/test_secondary_1.iv
+      cipher_name:       aes-128-cbc
+      # Base64 encode encrypted data
+      encoding:          base64
+      version:           0
+      always_add_header: false