Asherah
Asherah is a Ruby FFI wrapper around Go version of Asherah application-layer encryption SDK. Asherah provides advanced encryption features and defense in depth against compromise. It uses a technique known as "envelope encryption" and supports cloud-agnostic data storage and key management.
Check out the following documentation to get more familiar with the concepts and configuration options:
Supported Platforms
Currently supported platforms are Linux and Darwin operating systems for x64 and arm64 CPU architectures.
Installation
Add this line to your application's Gemfile:
gem 'asherah'
bundle install
Or install it yourself as:
gem install asherah
Usage
Configure Asherah:
Asherah.configure do |config|
config.kms = 'static'
config. = 'memory'
config.service_name = 'service'
config.product_id = 'product'
end
See config.rb for all evailable configuration options.
Encrypt some data for a partition_id
partition_id = 'user_1'
data = 'PII data'
data_row_record_json = Asherah.encrypt(partition_id, data)
puts data_row_record_json
Decrypt data_row_record_json
decrypted_data = Asherah.decrypt(partition_id, data_row_record_json)
puts decrypted_data
Development
After checking out the repo, run bin/setup
to install dependencies. Then, run rake spec
to run the tests. You can also run bin/console
for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run rake install
.
To release a new version, update the version number in version.rb
, create and push a version tag:
git tag -a v$(rake version) -m "Version $(rake version)"
git push origin v$(rake version)
And then create a release in Github with title echo "Version $(rake version)"
that will trigger .github/workflows/publish.yml
workflow and push the .gem
file to rubygems.org:
Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/godaddy/asherah-ruby.
License
The gem is available as open source under the terms of the MIT License.