Add encryption for ConnectedApps::Vine#data
Added layer of security, we encrypt the API key and related secret.
It requires setting up some encryption keys that can be generated with
`bin/rails db:encryption:init`
rioug committed Oct 7, 2024
1 parent b14a1e7 commit a3d8ae6
Showing 5 changed files with 28 additions and 0 deletions.
6 changes: 6 additions & 0 deletions .env
Expand Up @@ -61,3 +61,9 @@ SMTP_PASSWORD="f00d"
# NEW_RELIC_AGENT_ENABLED=true
# NEW_RELIC_APP_NAME="Open Food Network"
# NEW_RELIC_LICENSE_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

# Database encryption configuration, required for VINE connected app
# Generate with bin/rails db:encryption:init
# ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
# ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
# ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
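Review bot: the comment above the three placeholders says how to generate the keys but not where the real values should live, and this `.env` is a tracked file. Suggest adding a line such as `# Set real values in an untracked, per-instance env file; never commit them`, and noting that the three values must be distinct, since the placeholders shown are identical strings.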
5 changes: 5 additions & 0 deletions .env.development
Expand Up @@ -24,3 +24,8 @@ SITE_URL="0.0.0.0:3000"
RACK_TIMEOUT_SERVICE_TIMEOUT="0"
RACK_TIMEOUT_WAIT_TIMEOUT="0"
RACK_TIMEOUT_WAIT_OVERTIME="0"

# Database encryption configuration, required for VINE connected app
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY="dev_primary_key"
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY="dev_determinnistic_key"
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT="dev_derivation_salt"
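Review bot: the value on the `ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY` line is misspelled as `dev_determinnistic_key`. It works as an opaque string, but correcting it later changes the key, so fix it to `dev_deterministic_key` before merge. Since these development keys are committed and guessable, the comment could also say they are for local use only and must not be copied to staging or production.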
4 changes: 4 additions & 0 deletions .env.test
Expand Up @@ -18,3 +18,7 @@ SITE_URL="test.host"
OPENID_APP_ID="test-provider"
OPENID_APP_SECRET="12345"
OPENID_REFRESH_TOKEN="dummy-refresh-token"

ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY="test_primary_key"
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY="test_deterministic_key"
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT="test_derivation_salt"
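Review bot: the three added lines here lack the `# Database encryption configuration, required for VINE connected app` comment that the same block carries in `.env` and `.env.development`. Add it so the purpose of these variables is clear in all three files.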
2 changes: 2 additions & 0 deletions app/models/connected_apps/vine.rb
Expand Up @@ -4,6 +4,8 @@
#
module ConnectedApps
class Vine < ConnectedApp
encrypts :data

def connect(api_key:, secret:, vine_api:, **_opts)
response = vine_api.my_team

Expand Down
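Review bot: `encrypts :data` is added without anything in this commit that handles `ConnectedApps::Vine` rows already stored in plaintext; none of the 5 changed files is a migration or sets `config.active_record.encryption.support_unencrypted_data`. If any instance already has a Vine connection saved, reading `data` after deploy will fail to decrypt. Either add a data migration that re-saves existing rows, or enable unencrypted-data support for a transition period and state that in the commit message. A model spec asserting that the raw column value no longer contains the API key or secret would also document the intent.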
11 changes: 11 additions & 0 deletions config/application.rb
Expand Up @@ -255,5 +255,16 @@ module ::Reporting; end
config.exceptions_app = self.routes

config.view_component.generate.sidecar = true # Always generate components in subfolders

# Database encryption configuration, required for VINE connected app
config.active_record.encryption.primary_key = ENV.fetch(
"ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY", nil
)
config.active_record.encryption.deterministic_key = ENV.fetch(
"ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY", nil
)
config.active_record.encryption.key_derivation_salt = ENV.fetch(
"ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT", nil
)
end
end
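Review bot: each of the three `ENV.fetch("ACTIVE_RECORD_ENCRYPTION_...", nil)` calls falls back to `nil`, so an instance deployed without the variables boots normally and the missing key is likely to surface only when a Vine record is first encrypted or decrypted. Since `.env` ships them commented out, that is the default state for an existing install. Consider failing early when the VINE connected app is enabled and a key is absent, or at least documenting in the comment that `nil` keys disable the feature. Also, `ENV.fetch(name, nil)` is equivalent to `ENV[name]`; if the nil fallback is intended, the shorter form makes that explicit.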
