Class: Acta::Types::EncryptedString

Inherits:

ActiveModel::Type::Value

• Object
• ActiveModel::Type::Value
• Acta::Types::EncryptedString

Defined in:

lib/acta/types/encrypted_string.rb

Overview

Per-attribute opt-in encryption for event payloads. Declare with ‘attribute :token, :encrypted_string` (or pass an instance directly).

Encryption uses Rails’ built-in ActiveRecord::Encryption — the same primary/deterministic/derivation keys configured for AR-encrypted columns. Configure once via ‘bin/rails db:encryption:init` and Rails credentials; key rotation works the same way (append a new primary, keep old keys for decryption).

In-memory values are always plaintext: ‘event.token` returns the raw secret. The encrypted form only appears in the serialized payload that’s written to the events table.

Instance Method Summary

• #cast(value) ⇒ Object
• #deserialize(value) ⇒ Object
• #initialize(deterministic: false) ⇒ EncryptedString constructor

  A new instance of EncryptedString.

• #serialize(value) ⇒ Object

Constructor Details

#initialize(deterministic: false) ⇒ EncryptedString

Returns a new instance of EncryptedString.

# File 'lib/acta/types/encrypted_string.rb', line 22

def initialize(deterministic: false)
  super()
  @deterministic = deterministic
end

Instance Method Details

#cast(value) ⇒ Object

# File 'lib/acta/types/encrypted_string.rb', line 27

def cast(value)
  return nil if value.nil?

  value.to_s
end

#deserialize(value) ⇒ Object

# File 'lib/acta/types/encrypted_string.rb', line 39

def deserialize(value)
  return nil if value.nil?

  str = value.to_s
  return str unless encryptor.encrypted?(str)

  encryptor.decrypt(str)
end

#serialize(value) ⇒ Object

# File 'lib/acta/types/encrypted_string.rb', line 33

def serialize(value)
  return nil if value.nil?

  encryptor.encrypt(value.to_s, **encrypt_options)
end