Asherah is a Ruby FFI wrapper around Go version of Asherah application-layer encryption SDK. Asherah provides advanced encryption features and defense in depth against compromise. It uses a technique known as "envelope encryption" and supports cloud-agnostic data storage and key management.
Check out the following documentation to get more familiar with the concepts and configuration options:
Currently supported platforms are Linux and Darwin operating systems for x64 and arm64 CPU architectures.
Add this line to your application's Gemfile:
gem 'asherah'bundle installOr install it yourself as:
gem install asherahConfigure Asherah:
Asherah.configure do |config|
config.kms = 'static'
config.metastore = 'memory'
config.service_name = 'service'
config.product_id = 'product'
endSee config.rb for all evailable configuration options.
Encrypt some data for a partition_id
partition_id = 'user_1'
data = 'PII data'
data_row_record_json = Asherah.encrypt(partition_id, data)
puts data_row_record_jsonDecrypt data_row_record_json
decrypted_data = Asherah.decrypt(partition_id, data_row_record_json)
puts decrypted_dataAfter checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.
For tests requiring secrets (AWS KMS, database credentials), copy .env.secrets.example to .env.secrets and fill in the required values. The .env.secrets file is already in .gitignore to prevent accidental commits.
To install this gem onto your local machine, run rake install.
To release a new version, update the version number in version.rb, create and push a version tag:
git tag -a v$(rake version) -m "Version $(rake version)"
git push origin v$(rake version)
And then create a release in Github with title echo "Version $(rake version)" that will trigger .github/workflows/publish.yml workflow and push the .gem file to rubygems.org:
Bug reports and pull requests are welcome on GitHub at https://github.com/godaddy/asherah-ruby.
The gem is available as open source under the terms of the MIT License.