Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
大事なデータを守りたい!ActiveRecord Encryptionと、より安全かつ検索可能...
Search
free_world21
October 27, 2024
Programming
0
11
大事なデータを守りたい!ActiveRecord Encryptionと、より安全かつ検索可能な暗号化手法の実装例の紹介
Kaigi on Rails Day2にて使用した発表用スライドです。
https://kaigionrails.org/2024/talks/f-world21/
free_world21
October 27, 2024
Tweet
Share
More Decks by free_world21
See All by free_world21
DjangoとRailsを使って趣味として政治資金を透明化するプロダクトを作ってる話
free_world21
0
43
Ruby on Rails on Kubernetesってどうなの?
free_world21
0
10
Ruby on Rails と Django を比較してみる
free_world21
1
190
Shinjuku.rb#95:心の技術書紹介
free_world21
1
230
Rails engineを用いたゆるふわモジュラーモノリス のご紹介
free_world21
1
390
『Railsオワコン』と言われる時代に、なぜブルーモ証券はRailsを選ぶのか
free_world21
3
1.2k
東証障害報告書を読み解く
free_world21
0
210
Ruby/Railsの勉強会のおかげでブルーモ証券起業した
free_world21
2
450
エンジニアとしての属性軸(自己分析軸?)を考えてみた
free_world21
0
110
Other Decks in Programming
See All in Programming
来たるべき 8.0 に備えて React 19 新機能と React Router 固有機能の取捨選択とすり合わせを考える
oukayuka
2
880
Benchmark
sysong
0
280
AIコーディング道場勉強会#2 君(エンジニア)たちはどう生きるか
misakiotb
1
270
生成AIコーディングとの向き合い方、AIと共創するという考え方 / How to deal with generative AI coding and the concept of co-creating with AI
seike460
PRO
1
350
Google Agent Development Kit でLINE Botを作ってみた
ymd65536
2
210
明示と暗黙 ー PHPとGoの インターフェイスの違いを知る
shimabox
2
390
ニーリーにおけるプロダクトエンジニア
nealle
0
700
GraphRAGの仕組みまるわかり
tosuri13
8
510
Cursor AI Agentと伴走する アプリケーションの高速リプレイス
daisuketakeda
1
130
データの民主化を支える、透明性のあるデータ利活用への挑戦 2025-06-25 Database Engineering Meetup#7
y_ken
0
340
エンジニア向け採用ピッチ資料
inusan
0
180
新メンバーも今日から大活躍!SREが支えるスケールし続ける組織のオンボーディング
honmarkhunt
1
270
Featured
See All Featured
GraphQLとの向き合い方2022年版
quramy
49
14k
We Have a Design System, Now What?
morganepeng
53
7.7k
The Straight Up "How To Draw Better" Workshop
denniskardys
234
140k
Raft: Consensus for Rubyists
vanstee
140
7k
Measuring & Analyzing Core Web Vitals
bluesmoon
7
500
Git: the NoSQL Database
bkeepers
PRO
430
65k
The Art of Programming - Codeland 2020
erikaheidi
54
13k
Documentation Writing (for coders)
carmenintech
72
4.9k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
8
680
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
130
19k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
17
950
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Transcript
ブルーモ証券株式会社 ©2024 Bloomo Securities Inc. େࣄͳσʔλΛकΓ͍ͨʂ "DUJWF3FDPSE&ODSZQUJPOͱɺ ΑΓ҆શ͔ͭݕࡧՄೳͳ ҉߸Խख๏ͷ࣮ྫͷհ ,BJHJPO3BJMT%BZ!)BMM#MVF
খྛޛ࢙ OPFM 4BU
©2024 Bloomo Securities Inc. • খྛޛ࢙ʢখྛϊΤϧʣ • ϒϧʔϞূ݊גࣜձࣾऔక$50 • 0NPUFTBOEPSC
3PQQPOHJSC 4IJOKVLVSCͱ͔ʹΑ͍͘· ͢ • ཱྀߦɾੈքͷίϫʔΩϯάεϖʔεΊ͙Γʢϫʔέʔγϣϯ తͳԿ͔ʣ͕͖ • झຯͰʲ࣏ࢿۚσʔλϕʔεʳΛ։ൃͯ͠·͢ ͖ͳόϯυ • -`"SDdFOd$JFM 1*&3305 THE FARM@NY CARR WORKPLACE@Chicago @free_world21
©2024 Bloomo Securities Inc. *OEFY ձࣾհˍഎܠհ ͦͦ҉߸Խͱʁ "DUJWF3FDPSE&ODSZQUJPOͷհ "DUJWF3FDPSE&ODSZQUJPOͰ࣮ݱͮ͠Β͍ཁ݅ͷྫ ֤छ҉߸Խख๏͝հ
attr_encryptedΛ࣮ͬͨྫ ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷհ ·ͱΊ • ͞ͳ͍͜ͱɿ҉߸ԽΞϧΰϦζϜͱ͔ൿີܭࢉɾݕࡧͱ͔ • ରऀɿ։ൃ͍ͯ͠Δ3BJMTΞϓϦͷσʔλ҉߸Խʹڵຯ͕͋Δਓ • తɿ"DUJWF3FDPSE&ODSZQUJPO BUUS@FODSZQUFE MPDLCPYͷ֓ཁͱ͔͍ͭͲ͜ΖΛཧղ͢Δ͜ͱ • ൃදࢿྉޙ΄Ͳެ։͠·͢
©2024 Bloomo Securities Inc. ձࣾհˍഎܠհrϓϩμΫτ ถࠃגࢿ࢈ӡ༻ΞϓϦ#MPPNPΛఏڙதʂ ίϐϖͰʮόϑΣοτࢿʯεϚϗ݁Ͱएऀؾܰʹ :065)'*/"/$&ᶃ
©2024 Bloomo Securities Inc. ձࣾհˍഎܠհrϓϩμΫτػೳ ϙʔτϑΥϦΦػೳͰɺߴͳࢿ࢈ӡ༻ͷϋʔυϧΛԼ͍͛ͯΔ ϙʔτϑΥϦΦࢿػೳ ڞ༗ɾίϐʔػೳ ถࠃגɾ&5'ͰཧͷϙʔτϑΥϦΦΛ࡞ͨ͠Βɺ ྆ସങϒϧʔϞ͕ࣗಈࣥߦͯ͘͠ΕΔɻ
ෳฑͷࢄࢿ͕खؒͳ࣮͘ݱͰ͖Δ ʢϢʔβʔͷอ༗ฑҎ্ʢຊฏۉͷഒఔʣʣ ॳ৺ऀͰϙʔτϑΥϦΦ࡞͕Մೳʹ ʢϢʔβʔͷׂҎ্͕ίϐʔ͔Β։࢝ʣ ઐՈଞͷϢʔβʔͷϙʔτϑΥϦΦΛݟͯɺ ϫϯλοϓͰίϐʔͰ͖Δɻ
©2024 Bloomo Securities Inc. ձࣾհˍഎܠհrۀ͔Β͜Ε·ͰͷาΈ ݄ ݄
݄ ݄ ݄ ݄ ۀ ূ݊ձࣾ ϥΠηϯεऔಘ ਖ਼ࣜϦϦʔε ʢҰൠެ։ʣ γʔυϥϯυ ԯԁௐୡ ট੍ϦϦʔε /*4"ޱ࠲ ఏڙ։࢝ ͿΓͷূ݊ձࣾελʔτΞοϓͱ্ཱ͕ͯͪͬͨ͠ 個別株を取扱う証券会社スタートアップとしては、Finatext・FOLIO以来の存在。史上最速ペースで⾦商1種(証券会社) ライセンス取得・プロダクトリリースを続けてきた。
©2024 Bloomo Securities Inc. ձࣾհˍഎܠհrۀ͔Β͜Ε·ͰͷาΈ ݄ ݄
݄ ݄ ݄ ݄ ۀ ূ݊ձࣾ ϥΠηϯεऔಘ ਖ਼ࣜϦϦʔε ʢҰൠެ։ʣ γʔυϥϯυ ԯԁௐୡ ট੍ϦϦʔε /*4"ޱ࠲ ఏڙ։࢝ ͿΓͷূ݊ձࣾελʔτΞοϓͱ্ཱ͕ͯͪͬͨ͠ 個別株を取扱う証券会社スタートアップとしては、Finatext・FOLIO以来の存在。史上最速ペースで⾦商1種(証券会社) ライセンス取得・プロダクトリリースを続けてきた。 ূ݊ձࣾͱͯ͠ͷ rails new .
©2024 Bloomo Securities Inc. ձࣾհˍഎܠհrۀ͔Β͜Ε·ͰͷาΈ ݄ ݄
݄ ݄ ݄ ݄ ۀ ূ݊ձࣾ ϥΠηϯεऔಘ ਖ਼ࣜϦϦʔε ʢҰൠެ։ʣ γʔυϥϯυ ԯԁௐୡ ট੍ϦϦʔε /*4"ޱ࠲ ఏڙ։࢝ ͿΓͷূ݊ձࣾελʔτΞοϓͱ্ཱ͕ͯͪͬͨ͠ 個別株を取扱う証券会社スタートアップとしては、Finatext・FOLIO以来の存在。史上最速ペースで⾦商1種(証券会社) ライセンス取得・プロダクトリリースを続けてきた。 ূ݊ձࣾͱͯ͠ͷ rails new .
©2024 Bloomo Securities Inc. ձࣾհˍഎܠհrূ݊γεςϜΛ࡞Δ͏͑Ͱ • Կ͔גΛങ͏ͨΊʹূ݊ձࣾͷޱ࠲Λͭ͘Βͳ͚Ε͍͚ͳ͍ • ূ݊ձࣾʢͷγεςϜʣΛ࡞ΔͨΊʹ༷ʑͳཁ݅ʢ๏ͳͲʣΛकΒͳ͚Ε͍͚ͳ͍ •
ηΩϡϦςΟʔपΓʹΑΓؾΛ͏ඞཁ͕͋Δ • αΠόʔ߈ܸͳͲΛؚΉɺใηΩϡϦςΟʹؔ͢ΔڴҖ͕ͷ͍͍͢͝Ͱڧ·͍ͬͯΔ – ૬͙࣍ݸਓใྲྀग़ – ϥϯαϜΣΞʹΑΔඃʢχίχίಈըʣ ͓٬༷ʢ͏ଆʣઢ ΤϯδχΞʢ࡞Δଆʣઢ
©2024 Bloomo Securities Inc. ͦͦ҉߸Խͱʁ҉߸ԽͱϋογϡԽ “小林ノエル” “m6mlF70S3Qoqt86hyUJzWxhwW6JYgyXgBPPJHrhvVAGQ” “$2a$10$aBy67z2lE8O/OO/Xfnr7ZO6sQCP948cWDM/9Mi fMGR5472nkfqGUW” “小林ノエル”
҉߸Խ ϋογϡԽ • σʔλΛಛఆͷ҉߸ݤΛͬͯม͠ɺਖ਼͍͠ݤ͕ͳ͍ͱݩʹͤͳ͍Α͏ʹ͢Δॲཧ • σʔλͷػີੑΛอޢ͢ΔͨΊʹΘΕΔ • σʔλΛҰํͷݻఆͷʹม͢Δ͜ͱͰɺݩͷσʔλʹͤͳ͍Α͏ʹ͢Δॲཧ • ओʹσʔλͷ߹ੑΛ֬ೝ͢ΔͨΊʹΘΕΔ 🔑 ฏจ ҉߸จ ݩσʔλ ϋογϡ
©2024 Bloomo Securities Inc. ͦͦ҉߸Խͱʁͳͥ҉߸Խ͢Δͷ͔ • ೖޱରࡦɾ෦ରࡦɾग़ޱରࡦͷ͏ͪɺ෦ରࡦͷ͏ͪͷͭ – ೖޱରࡦ •
ϑΝΠΞΥʔϧɾϑΟϧλʔ • ଟཁૉೝূɺ71/ͳͲ – ෦ରࡦ • σʔλ҉߸Խ • ϩάࢹ – ग़ޱରࡦ • ௨৴Ͱ͖Δܦ࿏ΛߜΔ • ֎෦σόΠεͷσʔλॻ͖ࠐΈ੍ݶ • Կ͔σʔλ͕ྲྀग़ͨ͠ͱ͖ͷඃΛ͑ΔͨΊͷख๏
©2024 Bloomo Securities Inc. ͦͦ҉߸Խͱr҉߸ԽΛ͢Δࡍʹߟྀ͖͢ϙΠϯτ • ҉߸ԽͷΞϧΰϦζϜ – %&4 "&4
34" &$$ ʜ – ΄ͱΜͲͷ߹ϑϨʔϜϫʔΫϥΠϒϥϦͷσϑΥϧτʢਪʣͷͷΛ͑0, • ຊͷ͓ͷείʔϓ֎ • ݤͷཧํ – ҉߸ݤΛͲ͜ʹ͓͍ͯ୭͕ཧ͢Δͷ͔ʁ • ҉߸Խͷ୯Ґ – ͲͷΑ͏ͳ୯ҐͰ҉߸Խ͢Δ͔ • ΞϓϦέʔγϣϯͯ͢ΛͭͷݤͰҰׅ҉߸Խ • ͋Δఔ·ͱ·ͬͨ୯Ґʢςʔϒϧ͝ͱͱ͔ʣͰ҉߸ݤΛΘ͚Δ • Ϩίʔυ͝ͱʹ҉߸ݤΛΘ͚Δ • ݕࡧੑೳ – ҉߸Խͨ͠σʔλΛ%#ʹೖΕΔͱଟ͘ͷ߹Ͱݕࡧ͕Ͱ͖ͳ͘ͳΔ – ඞཁʹԠͯ͡ΞϓϦέʔγϣϯϨΠϠͰݕࡧػೳΛ࣮͢Δඞཁ͕͋Δ ݤͷཧํ ҉߸Խͷ୯Ґ ݕࡧੑೳ
©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷհr֓ཁͱ؆୯ͳ͍ํͷ͝հ • 3BJMT "DUJWF3FDPSE ʹΈࠐ·Ε͍ͯΔ҉߸Խػߏ
– %#ʹอଘ͢Δͱ͖ʹ҉߸Խ͞Εͯอଘ͞ΕΔ – ΞϓϦέʔγϣϯɿฏจͱͯ͠ѻ͑Δɺ%#ɿ҉߸จͱͯ͠อଘ͞ΕΔ $ rails db:encryption:init Add this entry to the credentials of the target environment: active_record_encryption: primary_key: azc7QkZYSg9ll01TjBNpnURUnF42gt1s deterministic_key: U987a4KAnhfA5oAQrLY7pYaTqysIYqqE key_derivation_salt: puoi8lJbvyM4FQErFYJ26BFuE1OJLHtf secret_key_base: hogehogefugafuga…… active_record_encryption: primary_key: azc7QkZYSg9ll01TjBNpnURUnF42gt1s deterministic_key: U987a4KAnhfA5oAQrLY7pYaTqysIYqqE key_derivation_salt: puoi8lJbvyM4FQErFYJ26BFuE1OJLHtf config/credentials.yml.enc にそのままコピペ
©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷհr֓ཁͱ؆୯ͳ͍ํͷ͝հ • 3BJMT "DUJWF3FDPSE ʹΈࠐ·Ε͍ͯΔ҉߸Խػߏ
– %#ʹอଘ͢Δͱ͖ʹ҉߸Խ͞Εͯอଘ͞ΕΔ – ΞϓϦέʔγϣϯɿฏจͱͯ͠ѻ͑Δɺ%#ɿ҉߸จͱͯ͠อଘ͞ΕΔ class PersonalInfo < ApplicationRecord encrypts :first_name encrypts :last_name end
©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷհr֓ཁͱ؆୯ͳ͍ํͷ͝հ • ҉߸ݤଐੑ͝ͱʹจࣈྻΧελϜΩʔϓϩόΠμΛࢦఆՄೳ class PersonalInfo
< ApplicationRecord encrypts :first_name, key: "some secret key for personal_info" encrypts :last_name, key_provider: PersonalInfoKeyProvider.new end • ܾఆత҉߸ԽΛ͑ݕࡧՄೳ class PersonalInfo < ApplicationRecord encrypts :first_name, deterministic: true encrypts :last_name, deterministic: true end
©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷհrʲ҉߸ԽΛ͢Δࡍʹߟྀ͖͢ϙΠϯτʳʹরΒ͠߹ΘͤΔͱ • ݤͷཧํ – config/credentials.yml.enc ʹهࡌ
– ΧελϜΩʔϓϩόΠμΛ͑ϓϩάϥϜతʹऔಘՄೳʢྫɿ,.4 4FDSFU.BOBHFS ʣ • ҉߸Խͷ୯Ґ – σϑΥϧτͰ୯ҰͷݤͰͯ͢ͷରσʔλΛ҉߸Խ – ΧελϜΩʔϓϩόΠμΛ͑ɺΫϥεʢςʔϒϧʣ͝ͱʹ͚Δ͜ͱՄೳ • ݕࡧੑೳ – σϑΥϧτͰඇܾఆత҉߸ԽʢݕࡧෆՄೳʣ – ܾఆత҉߸ԽϞʔυʹ͢ΕݕࡧՄೳ ݤͷཧํ ҉߸Խͷ୯Ґ ݕࡧੑೳ
©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͰ࣮ݱͮ͠Β͍ཁ݅rۚ༥ػؔΛྫʹ • ݤͷཧํ – ਓ͕ؒཧͨ͘͠ͳ͍ –
ʢ͜͜"DUJWF3FDPSE&ODSZQUJPOͰ࣮ݱͰ͖Δʣ • ҉߸Խͷ୯Ґ – ձࣾͦͷͷͷੑ࣭ˍѻ͏σʔλͷॏཁੑ͔ΒɺϨίʔυ͝ͱʹҟͳΔ҉߸ݤΛ͍͍ͨ • ݸਓใ • ϚΠφϯόʔʢҰ࣌తʣ • ຊਓ֬ೝॻྨը૾ʢ໔ڐূͳͲʣ • ʢΫϨδοτΧʔυ൪߸ʣ • ݕࡧੑೳ – ͓٬༷͔Βͷ͍߹Θ͕ͤ͋ͬͨͱ͖ʹɺຊਓ֬ೝͷͨΊʹҰఆ߲Ͱͷݕࡧඞཁ • ໊લͱੜ݄ • ॅॴ ݤͷཧํ ҉߸Խͷ୯Ґ ݕࡧੑೳ
©2024 Bloomo Securities Inc. ֤छ҉߸Խख๏͝հrattr_encryptedͱlockbox • 3BJMT✕҉߸ԽͰҰ൪ྺ࢙͕ݹ͍ – "DUJWF3FDPSE&ODSZQUJPOҎલ͔Β͋Δ –
'JSTUSFMFBTF • ଟ͘ͷࢀߟจݙ͕͋Δ • খྛ͕ࣗੲ͔Βͬͯͨܦݧ͕͋Δ • attr_encrypted ͷݱ൛తͳҐஔ͚ͮ • ͍ํ"DUJWF3FDPSE&ODSZQUJPOattr_encryptedͱ͍͍ͩͨಉ͡ • "DUJWF3FDPSE&ODSZQUJPOΑΓগ͚ͩ͠લʹॳظϦϦʔε – "DUJWF3FDPSE&ODSZQUJPO 3BJMT – lockboxGJSTUSFMFBTF attr_enctypted lockbox
©2024 Bloomo Securities Inc. attr_encryptedΛ࣮ͬͨྫr҉߸ݤͷཧํͷΦϓγϣϯ ڥมʹฏจͷ҉߸ݤΛஔ͘ – Ұ൪γϯϓϧͰ؆୯͕ͩ੬ऑ
4FDSFU.BOBHFSͳͲΞϓϦέʔγϣϯαʔόͷ֎ʹฏจͷ҉߸ݤΛஔ͘ – 👆ΑΓ҆શ͕ͩґવͱͯ͠ਓ͕ؒཧ͢Δඞཁ͕͋Δ 3BJMTͷ&ODZQUFE$SFEFOUJBMTΛ͏ – credentials.yml.encΛෳ߹͢Δݤʢmaster.keyʣΛͲ͏͢Δ͔ͱ͍͏ݦࡏ – ͬͺΓਓ͕ؒཧ͢Δඞཁ͕͋Δ ,FZ.BOBHFNFOU4FSJWDFΛ͔ͭ͏ – "84 ($1 "[VSFͳͲɺΫϥυϓϩόΠμͳΒجຊతʹఏڙͯ͠Δ
©2024 Bloomo Securities Inc. attr_encryptedΛ࣮ͬͨྫr,FZ.BOBHFNFOU4FSWJDFͱʢ"84Λྫʹʣ • $VTUPNFS.BTUFS,FZʢ$.,ʣΛࢦఆͯ͠ɺEBUBLFZʢ৽͍͠҉߸ݤʣΛཁٻ͢Δ – "
• ҎԼͷͷ͕,.4͔Βฦͬͯ͘Δ – "ฏจͷ҉߸ݤ – #"͕҉߸Խ͞Εͨͷ • ҉߸Խɿ"Ͱ҉߸Խͯ͠ɺͦΕফڈɻ#Λ%#ͳͲʹอଘ͓ͯ͘͠ɻ • ෮߸Խɿ#Λ,.4ʹ͚͛ͭΔͱ෮߸Խͯ͠ฦͯ͘͠ΕΔʢ"ΛಘΒΕΔʣͷͰɺσʔλຊମ Λ"Ͱ෮߸Խ͢Δ CMK has_many :data_keys
©2024 Bloomo Securities Inc. attr_encryptedΛ࣮ͬͨྫr,.4ΛͬͨϨίʔυ͝ͱͷ҉߸Խ࣮ྫ ,.4͔Βऔಘͨ͠ʲ҉߸Խ͞Εͨ҉߸ݤ #
ʳΛอଘ͢ΔͨΊͷΧϥϜ encrypted_data_keyΛ҉߸ԽରΫϥεʢςʔϒϧʣʹՃ ԼهͷΑ͏ͳϝιουΛͭmoduleΛఆٛ module KmsKey def data_key kms_client = Aws::KMS::Client.new(region: aws_region) if self.encrypted_data_key kms_client.decrypt(ciphertext_blob: self.encrypted_data_key) else resp = kms_client.generate_data_key( key_id: Rails.application.config.x.common['kms_cmk_id’], key_spec: 'AES_256’, ) self.encrypted_data_key = resp.ciphertext_blob resp.plaintext end end
©2024 Bloomo Securities Inc. attr_encryptedΛ࣮ͬͨྫr,.4ΛͬͨϨίʔυ͝ͱͷ҉߸Խ࣮ྫ ҉߸ԽରϑΟʔϧυΛఆٛ class
PersonalInfo < ApplicationRecord include KmsKey attr_encrypted :first_name, key: :data_key, algorithm: 'aes-256-gcm’ attr_encrypted :last_name, key: :data_key, algorithm: 'aes-256-gcm'
©2024 Bloomo Securities Inc. attr_encryptedΛ࣮ͬͨྫr,.4ΛͬͨϨίʔυ͝ͱͷ҉߸Խ࣮ྫ Ϩίʔυ͝ͱʹ҉߸ݤΛม͑ͭͭɺಁաతʹѻ͑ΔΑ͏ʹͳΔ personal_info.first_name
= ”ϊΤϧ” personal_info.last_name = “খྛ” personal_info.save! personal_info = PersonalInfo.find(1) puts personal_info.first_name # => “ϊΤϧ” puts personal_info.last_name # => “খྛ”
©2024 Bloomo Securities Inc. attr_encryptedΛ࣮ͬͨྫrΞοϓϩʔυը૾ͷ҉߸Խ class IdDocumentImage < ApplicationRecord
include KmsKey mount_uploader :uploader, IdDocumentImageUploader before_save :encrypt_file! def encrypt_file! iv = Cipher.generate_iv self.uploader_iv = Base64.strict_encode64(iv) cipher = Cipher.new(key: data_key, cipher_iv: iv) resp = cipher.encrypt(value: uploader.file.read) File.binwrite(uploader.file.path, resp) end • DBSSJFSXBWFΛྫʹ͝հ • Ϩίʔυ͝ͱʹ҉߸ݤΛม͑ͭͭɺΞοϓϩʔυը૾ͦͷͷ҉߸Խͯ͠อଘ
©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷհr҉߸Խͭͭ͠ݕࡧՄೳʹ͢ΔΦϓγϣϯ ܾఆత҉߸ԽΛ͏ – "DUJWF3FDPSE&ODSZQUJPO͕࠾༻͍ͯ͠Δํ –
ಉ͡҉߸ԽݤͰ҉߸Խ͍ͯ͠Δσʔλ܊ʹରͯ͠Մೳͳख๏ &MBTUJD4FBSDIͳͲͷݕࡧϞδϡʔϧΛ༻ҙ͠ɺͦ͜ʹฏจͷσʔλΛ֨ೲ͢Δ – &MBTUJD4FBSDIΞϓϦέʔγϣϯαʔό͔ΒͷΈΞΫηεՄೳͰɺܦ࿏ྖҬ҆શͱ ͍͏લఏ ݕࡧ࣌ΞϓϦέʔγϣϯαʔόͰҰׅෳ߹ͯ͠ɺίʔυ্Ͱݕࡧ͢Δ – PersonalInfo.all.eachΈ͍ͨʹ͢ΔΠϝʔδ ݕࡧ༻ʹରϑΟʔϧυʢࢯ໊ɺॅॴͳͲʣͷϋογϡΛผςʔϒϧʹอଘ͢Δ – શҰகͷݕࡧͷΈՄೳ
©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷհr҉߸ԽରσʔλΛอଘͭͭ͠ݕࡧ༻)BTIΛ࡞͢Δྫ class PersonalInfoHash < ApplicationRecord
belongs_to :personal_info end class PersonalInfo < ApplicationRecord include KmsKey …… has_many :personal_info_hashes • PersonalInfoHashϞσϧʢςʔϒϧʣΛఆٛ – key: string – value: string
©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷհr҉߸ԽରσʔλΛอଘͭͭ͠ݕࡧ༻)BTIΛ࡞͢Δྫ class PersonalInfo < ApplicationRecord
after_save :save_hashes def save_hashes save_name_hash save_tel_hash ... end def save_name_hash raw_value = last_name + first_name pi_hash = personal_info_hashes.find_or_initialize_by(key: 'last_name_and_first_name’) pi_hash.value = BCrypt::Engine.hash_secret(raw_value, ENV['HASH_SALT’]) pi_hash.save! end • after_save ͱ͔ͰPersonalInfo ͷϨίʔυͱҰॹʹ࡞Δ • ҉߸ֶత)BTIؔͱΓ͋͑ͣBcrypt͓͚ͬͯྑͦ͞͏
©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷհr҉߸ԽରσʔλΛอଘͭͭ͠ݕࡧ༻)BTIΛ࡞͢Δྫ hash_value = BCrypt::Engine.hash_secret(searching_value, ENV['HASH_SALT’])
personal_infos = PersonalInfoHash .where(key: 'last_name_and_first_name', hash_value: hash_value) .map(&:personal_info) • ݕࡧ͢Δͱ͖ݕࡧϫʔυͷϋογϡΛܭࢉͯ͠ݕࡧ
©2024 Bloomo Securities Inc. ·ͱΊ Ұׅ҉߸Խ ςʔϒϧ͝ͱʹ҉߸Խ Ϩίʔυ͝ͱʹ҉߸Խ ڥม 4FDSFU.BOBHFS
DSFEFOUJMBTZNMFOD ,.4 ܾఆత҉߸ԽʹΑΔݕࡧ &MBTUJD4FBSDI ۪ݕࡧ ϋογϡԽʹΑΔݕࡧ "DUJWF3FDPSE&ODSZQUJPO attr_encrypted lockbox ॳظϦϦʔε 3BJMT ఏڙݩ CVJMUJO HFN HFN σϑΥϧτͷ͍ํ ΧελϚΠζ͢ΕͰ͖Δ • ࠓճ͝հͨ͠ํ๏Λಛੑ͝ͱʹ·ͱΊ·͢ ҉߸Խͷ ୯Ґ ҉߸ݤͷ ཧ ݕࡧख๏
©2024 Bloomo Securities Inc. ·ͱΊr"DUJWF3FDPSE&ODSZQUJPO Ұׅ҉߸Խ ςʔϒϧ͝ͱʹ҉߸Խ Ϩίʔυ͝ͱʹ҉߸Խ ڥม 4FDSFU.BOBHFS
DSFEFOUJMBTZNMFOD ,.4 ܾఆత҉߸ԽʹΑΔݕࡧ &MBTUJD4FBSDI ۪ݕࡧ ϋογϡԽʹΑΔݕࡧ "DUJWF3FDPSE&ODSZQUJPO attr_encrypted lockbox ॳظϦϦʔε 3BJMT ఏڙݩ CVJMUJO HFN HFN σϑΥϧτͷ͍ํ ΧελϚΠζ͢ΕͰ͖Δ • େͷཁ݅ຬͨͤΔ • ಋೖͷෑډ͍ – config.active_record.encryption.support_unencrypted_data = true ҉߸Խͷ ୯Ґ ҉߸ݤͷ ཧ ݕࡧख๏
©2024 Bloomo Securities Inc. ·ͱΊrBUUS@FODSZQUFEMPDLCPY Ұׅ҉߸Խ ςʔϒϧ͝ͱʹ҉߸Խ Ϩίʔυ͝ͱʹ҉߸Խ ܾఆత҉߸ԽʹΑΔݕࡧ &MBTUJD4FBSDI
۪ݕࡧ ϋογϡԽʹΑΔݕࡧ "DUJWF3FDPSE&ODSZQUJPO attr_encrypted lockbox ॳظϦϦʔε 3BJMT ఏڙݩ CVJMUJO HFN HFN σϑΥϧτͷ͍ํ ΧελϚΠζ͢ΕͰ͖Δ • "DUJWF3FDPSE&ODSZQUJPOͰཁ͕݅ຬͨͤͳ͍߹ʢϨίʔυ͝ͱ҉߸ԽͳͲʣʹݕ౼ • ,.4ར༻ kms_encrypted ɺϋογϡԽݕࡧ blind_index ผͷgem͕͋Δ • ৽نҊ݅ͳΒlockboxɺطଘίʔυΛ͍·Θ͍ͨ͠߹attr_encrypted ҉߸Խͷ ୯Ґ ҉߸ݤͷ ཧ ݕࡧख๏ ڥม 4FDSFU.BOBHFS DSFEFOUJMBTZNMFOD ,.4
©2024 Bloomo Securities Inc. Ұॹʹ#MPPNPͷαʔϏε։ൃΛ ͯ͘͠ΕΔؒΛืूதʂ https://careers.bloomo.co.jp/ 8FBSF)JSJOH