Use lockbox for credential encryption

Author: Navaneeth-pk

Gemfile

@@ -38,6 +38,7 @@ gem 'typhoeus'
 gem "mongo", "~> 2"
 gem 'aws-sdk', '~> 3'
 gem 'kaminari'
+gem 'lockbox'
 
 group :development, :test do
   # Call 'byebug' anywhere in the code to stop execution and get a debugger console

Gemfile.lock

@@ -1238,6 +1238,7 @@ GEM
     listen (3.5.1)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
+    lockbox (0.6.4)
     lograge (0.11.2)
       actionpack (>= 4)
       activesupport (>= 4)
@@ -1375,6 +1376,7 @@ DEPENDENCIES
   jwt
   kaminari
   listen (~> 3.3)
+  lockbox
   lograge
   mongo (~> 2)
   mysql2

app/models/credential.rb

@@ -1,5 +1,3 @@
 class Credential < ApplicationRecord
-  include Encryptable
-
-  attr_encrypted :value
+  encrypts :value
 end

app/models/data_source_user_oauth2.rb

@@ -1,8 +1,6 @@
 class DataSourceUserOauth2 < ApplicationRecord
-  include Encryptable
-
   belongs_to :user
   belongs_to :data_source
 
-  attr_encrypted :options
+  encrypts :options
 end

app/services/encryption_service.rb

@@ -0,0 +1 @@
+Lockbox.master_key = ENV.fetch('LOCKBOX_MASTER_KEY')

config/initializers/lockbox.rb

@@ -0,0 +1,5 @@
+class AddCipherTextToCredentials < ActiveRecord::Migration[6.1]
+  def change
+    add_column :credentials, :value_ciphertext, :text
+  end
+end

db/migrate/20210529101316_add_cipher_text_to_credentials.rb

@@ -0,0 +1,5 @@
+class AddCipherTextToDataSourceUserOauth2 < ActiveRecord::Migration[6.1]
+  def change
+    add_column :data_source_user_oauth2s, :options_ciphertext, :text
+  end
+end