大事なデータを守りたい！ActiveRecord Encryptionと、より安全かつ検索可能な暗号化手法の実装例の紹介

ブルーモ証券株式会社 ©2024 Bloomo Securities Inc. େࣄͳσʔλΛकΓ͍ͨʂ "DUJWF3FDPSE&ODSZQUJPOͱɺ ΑΓ҆શ͔ͭݕࡧՄೳͳ ҉߸Խख๏ͷ࣮૷ྫͷ঺հ ,BJHJPO3BJMT%BZ!)BMM#MVF
খྛޛ࢙ OPFM 4BU

©2024 Bloomo Securities Inc. • খྛޛ࢙ʢখྛϊΤϧʣ • ϒϧʔϞূ݊גࣜձࣾऔక໾$50 • 0NPUFTBOEPSC
3PQQPOHJSC 4IJOKVLVSCͱ͔ʹΑ͍͘· ͢ • ཱྀߦɾੈքͷίϫʔΩϯάεϖʔεΊ͙Γʢϫʔέʔγϣϯ తͳԿ͔ʣ͕޷͖ • झຯͰʲ੓࣏ࢿۚσʔλϕʔεʳΛ։ൃͯ͠·͢ ޷͖ͳόϯυ • -`"SDdFOd$JFM 1*&3305 THE FARM@NY CARR WORKPLACE@Chicago @free_world21

©2024 Bloomo Securities Inc. *OEFY ձࣾ঺հˍഎܠ঺հ ͦ΋ͦ΋҉߸Խͱ͸ʁ "DUJWF3FDPSE&ODSZQUJPOͷ঺հ "DUJWF3FDPSE&ODSZQUJPOͰ͸࣮ݱͮ͠Β͍ཁ݅ͷྫ ֤छ҉߸Խख๏͝঺հ
attr_encryptedΛ࢖࣮ͬͨ૷ྫ ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷ঺հ ·ͱΊ • ࿩͞ͳ͍͜ͱɿ҉߸ԽΞϧΰϦζϜͱ͔ൿີܭࢉɾݕࡧͱ͔ • ର৅ऀɿ։ൃ͍ͯ͠Δ3BJMTΞϓϦͷσʔλ҉߸Խʹڵຯ͕͋Δਓ • ໨తɿ"DUJWF3FDPSE&ODSZQUJPO BUUS@FODSZQUFE MPDLCPYͷ֓ཁͱ͔͍ͭͲ͜ΖΛཧղ͢Δ͜ͱ • ൃදࢿྉ͸ޙ΄Ͳެ։͠·͢

©2024 Bloomo Securities Inc. ձࣾ঺հˍഎܠ঺հrϓϩμΫτػೳ ϙʔτϑΥϦΦػೳͰɺߴ౓ͳࢿ࢈ӡ༻ͷϋʔυϧΛԼ͍͛ͯΔ ϙʔτϑΥϦΦ౤ࢿػೳ ڞ༗ɾίϐʔػೳ ถࠃגɾ&5'Ͱཧ૝ͷϙʔτϑΥϦΦΛ࡞੒ͨ͠Βɺ ྆ସ΍ങ෇͸ϒϧʔϞ͕ࣗಈࣥߦͯ͘͠ΕΔɻ
ෳ਺໏ฑ΁ͷ෼ࢄ౤ࢿ͕खؒͳ࣮͘ݱͰ͖Δ ʢϢʔβʔͷอ༗໏ฑ਺͸Ҏ্ʢ೔ຊฏۉͷഒఔ౓ʣʣ ॳ৺ऀͰ΋ϙʔτϑΥϦΦ࡞੒͕Մೳʹ ʢϢʔβʔͷׂҎ্͕ίϐʔ͔Β։࢝ʣ ઐ໳Ո΍ଞͷϢʔβʔͷϙʔτϑΥϦΦΛݟͯɺ ϫϯλοϓͰίϐʔͰ͖Δɻ

©2024 Bloomo Securities Inc. ձࣾ঺հˍഎܠ঺հr૑ۀ͔Β͜Ε·ͰͷาΈ ݄ ݄
݄ ݄ ݄ ݄ ૑ۀ ূ݊ձࣾ ϥΠηϯεऔಘ ਖ਼ࣜϦϦʔε ʢҰൠެ։ʣ γʔυϥ΢ϯυ ԯԁௐୡ ট଴੍ϦϦʔε /*4"ޱ࠲ ఏڙ։࢝ ೥ͿΓͷূ݊ձࣾελʔτΞοϓͱ্ཱ͕ͯͪͬͨ͠ 個別株を取扱う証券会社スタートアップとしては、Finatext・FOLIO以来の存在。史上最速ペースで⾦商1種（証券会社）ライセンス取得・プロダクトリリースを続けてきた。

©2024 Bloomo Securities Inc. ձࣾ঺հˍഎܠ঺հr૑ۀ͔Β͜Ε·ͰͷาΈ ݄ ݄
݄ ݄ ݄ ݄ ૑ۀ ূ݊ձࣾ ϥΠηϯεऔಘ ਖ਼ࣜϦϦʔε ʢҰൠެ։ʣ γʔυϥ΢ϯυ ԯԁௐୡ ট଴੍ϦϦʔε /*4"ޱ࠲ ఏڙ։࢝ ೥ͿΓͷূ݊ձࣾελʔτΞοϓͱ্ཱ͕ͯͪͬͨ͠ 個別株を取扱う証券会社スタートアップとしては、Finatext・FOLIO以来の存在。史上最速ペースで⾦商1種（証券会社）ライセンス取得・プロダクトリリースを続けてきた。 ূ݊ձࣾͱͯ͠ͷ rails new .

©2024 Bloomo Securities Inc. ձࣾ঺հˍഎܠ঺հrূ݊γεςϜΛ࡞Δ͏͑Ͱ • Կ͔גΛങ͏ͨΊʹ͸ূ݊ձࣾͷޱ࠲Λͭ͘Βͳ͚Ε͹͍͚ͳ͍ • ূ݊ձࣾʢͷγεςϜʣΛ࡞ΔͨΊʹ͸༷ʑͳཁ݅ʢ๏཯ͳͲʣΛकΒͳ͚Ε͹͍͚ͳ͍ •
ηΩϡϦςΟʔपΓʹ΋ΑΓؾΛ࢖͏ඞཁ͕͋Δ • αΠόʔ߈ܸͳͲΛؚΉɺ৘ใηΩϡϦςΟʹؔ͢ΔڴҖ͕΋ͷ͍͢͝੎͍Ͱڧ·͍ͬͯΔ – ૬͙࣍ݸਓ৘ใྲྀग़ – ϥϯαϜ΢ΣΞʹΑΔඃ֐ʢχίχίಈըʣ ͓٬༷ʢ࢖͏ଆʣ໨ઢ ΤϯδχΞʢ࡞Δଆʣ໨ઢ

©2024 Bloomo Securities Inc. ͦ΋ͦ΋҉߸Խͱ͸ʁ҉߸ԽͱϋογϡԽ “小林ノエル” “m6mlF70S3Qoqt86hyUJzWxhwW6JYgyXgBPPJHrhvVAGQ” “$2a$10$aBy67z2lE8O/OO/Xfnr7ZO6sQCP948cWDM/9Mi fMGR5472nkfqGUW” “小林ノエル”
҉߸Խ ϋογϡԽ • σʔλΛಛఆͷ҉߸ݤΛ࢖ͬͯม׵͠ɺਖ਼͍͠ݤ͕ͳ͍ͱݩʹ໭ͤͳ͍Α͏ʹ͢Δॲཧ • σʔλͷػີੑΛอޢ͢ΔͨΊʹ࢖ΘΕΔ • σʔλΛҰํ޲ͷݻఆ௕ͷ஋ʹม׵͢Δ͜ͱͰɺݩͷσʔλʹ໭ͤͳ͍Α͏ʹ͢Δॲཧ • ओʹσʔλͷ੔߹ੑΛ֬ೝ͢ΔͨΊʹ࢖ΘΕΔ 🔑 ฏจ ҉߸จ ݩσʔλ ϋογϡ஋

©2024 Bloomo Securities Inc. ͦ΋ͦ΋҉߸Խͱ͸ʁͳͥ҉߸Խ͢Δͷ͔ • ೖޱରࡦɾ಺෦ରࡦɾग़ޱରࡦͷ͏ͪɺ಺෦ରࡦͷ͏ͪͷͭ – ೖޱରࡦ •
ϑΝΠΞ΢ΥʔϧɾϑΟϧλʔ • ଟཁૉೝূɺ71/ͳͲ – ಺෦ରࡦ • σʔλ҉߸Խ • ϩά؂ࢹ – ग़ޱରࡦ • ௨৴Ͱ͖Δܦ࿏ΛߜΔ • ֎෦σόΠε΁ͷσʔλॻ͖ࠐΈ੍ݶ • Կ͔σʔλ͕ྲྀग़ͨ͠ͱ͖ͷඃ֐Λ཈͑ΔͨΊͷख๏

©2024 Bloomo Securities Inc. ͦ΋ͦ΋҉߸Խͱ͸r҉߸ԽΛ͢Δࡍʹߟྀ͢΂͖ϙΠϯτ • ҉߸ԽͷΞϧΰϦζϜ – %&4 "&4
34" &$$ ʜ – ΄ͱΜͲͷ৔߹ϑϨʔϜϫʔΫ΍ϥΠϒϥϦͷσϑΥϧτʢਪ঑ʣͷ΋ͷΛ࢖͑͹0, • ຊ೔ͷ͓࿩ͷείʔϓ֎ • ݤͷ؅ཧํ਑ – ҉߸ݤΛͲ͜ʹ͓͍ͯ୭͕؅ཧ͢Δͷ͔ʁ • ҉߸Խͷ୯Ґ – ͲͷΑ͏ͳ୯ҐͰ҉߸Խ͢Δ͔ • ΞϓϦέʔγϣϯ͢΂ͯΛͭͷݤͰҰׅ҉߸Խ • ͋Δఔ౓·ͱ·ͬͨ୯Ґʢςʔϒϧ͝ͱͱ͔ʣͰ҉߸ݤΛΘ͚Δ • Ϩίʔυ͝ͱʹ҉߸ݤΛΘ͚Δ • ݕࡧੑೳ – ҉߸Խͨ͠σʔλΛ%#ʹೖΕΔͱଟ͘ͷ৔߹Ͱݕࡧ͕Ͱ͖ͳ͘ͳΔ – ඞཁʹԠͯ͡ΞϓϦέʔγϣϯϨΠϠͰݕࡧػೳΛ࣮૷͢Δඞཁ͕͋Δ ݤͷ؅ཧํ਑ ҉߸Խͷ୯Ґ ݕࡧੑೳ

©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷ঺հr֓ཁͱ؆୯ͳ࢖͍ํͷ͝঺հ • 3BJMT "DUJWF3FDPSE ʹ૊Έࠐ·Ε͍ͯΔ҉߸Խػߏ
– %#ʹอଘ͢Δͱ͖ʹ҉߸Խ͞Εͯอଘ͞ΕΔ – ΞϓϦέʔγϣϯ૚ɿฏจͱͯ͠ѻ͑Δɺ%#૚ɿ҉߸จͱͯ͠อଘ͞ΕΔ $ rails db:encryption:init Add this entry to the credentials of the target environment: active_record_encryption: primary_key: azc7QkZYSg9ll01TjBNpnURUnF42gt1s deterministic_key: U987a4KAnhfA5oAQrLY7pYaTqysIYqqE key_derivation_salt: puoi8lJbvyM4FQErFYJ26BFuE1OJLHtf secret_key_base: hogehogefugafuga…… active_record_encryption: primary_key: azc7QkZYSg9ll01TjBNpnURUnF42gt1s deterministic_key: U987a4KAnhfA5oAQrLY7pYaTqysIYqqE key_derivation_salt: puoi8lJbvyM4FQErFYJ26BFuE1OJLHtf config/credentials.yml.enc にそのままコピペ

©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷ঺հr֓ཁͱ؆୯ͳ࢖͍ํͷ͝঺հ • 3BJMT "DUJWF3FDPSE ʹ૊Έࠐ·Ε͍ͯΔ҉߸Խػߏ
– %#ʹอଘ͢Δͱ͖ʹ҉߸Խ͞Εͯอଘ͞ΕΔ – ΞϓϦέʔγϣϯ૚ɿฏจͱͯ͠ѻ͑Δɺ%#૚ɿ҉߸จͱͯ͠อଘ͞ΕΔ class PersonalInfo < ApplicationRecord encrypts :first_name encrypts :last_name end

©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷ঺հr֓ཁͱ؆୯ͳ࢖͍ํͷ͝঺հ • ҉߸ݤ͸ଐੑ͝ͱʹจࣈྻ΍ΧελϜΩʔϓϩόΠμΛࢦఆՄೳ class PersonalInfo
< ApplicationRecord encrypts :first_name, key: "some secret key for personal_info" encrypts :last_name, key_provider: PersonalInfoKeyProvider.new end • ܾఆ࿦త҉߸ԽΛ࢖͑͹ݕࡧ΋Մೳ class PersonalInfo < ApplicationRecord encrypts :first_name, deterministic: true encrypts :last_name, deterministic: true end

©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷ঺հrʲ҉߸ԽΛ͢Δࡍʹߟྀ͢΂͖ϙΠϯτʳʹরΒ͠߹ΘͤΔͱ • ݤͷ؅ཧํ਑ – config/credentials.yml.enc ʹهࡌ
– ΧελϜΩʔϓϩόΠμΛ࢖͑͹ϓϩάϥϜతʹऔಘՄೳʢྫɿ,.4 4FDSFU.BOBHFS ౳ʣ • ҉߸Խͷ୯Ґ – σϑΥϧτͰ͸୯ҰͷݤͰ͢΂ͯͷର৅σʔλΛ҉߸Խ – ΧελϜΩʔϓϩόΠμΛ࢖͑͹ɺΫϥεʢςʔϒϧʣ͝ͱʹ෼͚Δ͜ͱ΋Մೳ • ݕࡧੑೳ – σϑΥϧτͰ͸ඇܾఆ࿦త҉߸ԽʢݕࡧෆՄೳʣ – ܾఆ࿦త҉߸ԽϞʔυʹ͢Ε͹ݕࡧՄೳ ݤͷ؅ཧํ਑ ҉߸Խͷ୯Ґ ݕࡧੑೳ

©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͰ͸࣮ݱͮ͠Β͍ཁ݅rۚ༥ػؔΛྫʹ • ݤͷ؅ཧํ਑ – ਓ͕ؒ؅ཧͨ͘͠ͳ͍ –
ʢ͜͜͸"DUJWF3FDPSE&ODSZQUJPOͰ΋࣮ݱͰ͖Δʣ • ҉߸Խͷ୯Ґ – ձࣾͦͷ΋ͷͷੑ࣭ˍѻ͏σʔλͷॏཁੑ͔ΒɺϨίʔυ͝ͱʹҟͳΔ҉߸ݤΛ࢖͍͍ͨ • ݸਓ৘ใ • ϚΠφϯόʔʢҰ࣌తʣ • ຊਓ֬ೝॻྨը૾ʢ໔ڐূͳͲʣ • ʢΫϨδοτΧʔυ൪߸ʣ • ݕࡧੑೳ – ͓٬༷͔Βͷ໰͍߹Θ͕ͤ͋ͬͨͱ͖ʹɺຊਓ֬ೝͷͨΊʹҰఆ߲໨Ͱͷݕࡧ͸ඞཁ • ໊લͱੜ೥݄೔ • ॅॴ ݤͷ؅ཧํ਑ ҉߸Խͷ୯Ґ ݕࡧੑೳ

©2024 Bloomo Securities Inc. ֤छ҉߸Խख๏͝঺հrattr_encryptedͱlockbox • 3BJMT✕҉߸ԽͰ͸Ұ൪ྺ࢙͕ݹ͍ – "DUJWF3FDPSE&ODSZQUJPOҎલ͔Β͋Δ –
'JSTUSFMFBTF • ଟ͘ͷࢀߟจݙ͕͋Δ • খྛࣗ਎͕ੲ͔Β࢖ͬͯͨܦݧ͕͋Δ • attr_encrypted ͷݱ୅൛తͳҐஔ͚ͮ • ࢖͍ํ͸"DUJWF3FDPSE&ODSZQUJPO΍attr_encryptedͱ͍͍ͩͨಉ͡ • "DUJWF3FDPSE&ODSZQUJPOΑΓগ͚ͩ͠લʹॳظϦϦʔε – "DUJWF3FDPSE&ODSZQUJPO 3BJMT – lockboxGJSTUSFMFBTF attr_enctypted lockbox

©2024 Bloomo Securities Inc. attr_encryptedΛ࢖࣮ͬͨ૷ྫr҉߸ݤͷ؅ཧํ਑ͷΦϓγϣϯ ؀ڥม਺ʹฏจͷ҉߸ݤΛஔ͘ – Ұ൪γϯϓϧͰ؆୯͕ͩ੬ऑ
4FDSFU.BOBHFSͳͲΞϓϦέʔγϣϯαʔόͷ֎ʹฏจͷ҉߸ݤΛஔ͘ – 👆ΑΓ͸҆શ͕ͩґવͱͯ͠ਓ͕ؒ؅ཧ͢Δඞཁ͕͋Δ 3BJMTͷ&ODZQUFE$SFEFOUJBMTΛ࢖͏ – credentials.yml.encΛෳ߹͢Δݤʢmaster.keyʣΛͲ͏͢Δ͔ͱ͍͏໰୊͸ݦࡏ – ΍ͬͺΓਓ͕ؒ؅ཧ͢Δඞཁ͕͋Δ ,FZ.BOBHFNFOU4FSJWDFΛ͔ͭ͏ – "84 ($1 "[VSFͳͲɺΫϥ΢υϓϩόΠμͳΒجຊతʹ͸ఏڙͯ͠Δ

©2024 Bloomo Securities Inc. attr_encryptedΛ࢖࣮ͬͨ૷ྫr,FZ.BOBHFNFOU4FSWJDFͱ͸ʢ"84Λྫʹʣ • $VTUPNFS.BTUFS,FZʢ$.,ʣΛࢦఆͯ͠ɺEBUBLFZʢ৽͍͠҉߸ݤʣΛཁٻ͢Δ – "
• ҎԼͷ΋ͷ͕,.4͔Βฦͬͯ͘Δ – "ฏจͷ҉߸ݤ – #"͕҉߸Խ͞Εͨ΋ͷ • ҉߸Խɿ"Ͱ҉߸Խͯ͠ɺͦΕ͸ফڈɻ#Λ%#ͳͲʹอଘ͓ͯ͘͠ɻ • ෮߸Խɿ#Λ,.4ʹ౤͚͛ͭΔͱ෮߸Խͯ͠ฦͯ͘͠ΕΔʢ"ΛಘΒΕΔʣͷͰɺσʔλຊମ Λ"Ͱ෮߸Խ͢Δ CMK has_many :data_keys

©2024 Bloomo Securities Inc. attr_encryptedΛ࢖࣮ͬͨ૷ྫr,.4Λ࢖ͬͨϨίʔυ͝ͱͷ҉߸Խ࣮૷ྫ ,.4͔Βऔಘͨ͠ʲ҉߸Խ͞Εͨ҉߸ݤ #
ʳΛอଘ͢ΔͨΊͷΧϥϜ encrypted_data_keyΛ҉߸Խର৅Ϋϥεʢςʔϒϧʣʹ௥Ճ ԼهͷΑ͏ͳϝιουΛ΋ͭmoduleΛఆٛ module KmsKey def data_key kms_client = Aws::KMS::Client.new(region: aws_region) if self.encrypted_data_key kms_client.decrypt(ciphertext_blob: self.encrypted_data_key) else resp = kms_client.generate_data_key( key_id: Rails.application.config.x.common['kms_cmk_id’], key_spec: 'AES_256’, ) self.encrypted_data_key = resp.ciphertext_blob resp.plaintext end end

©2024 Bloomo Securities Inc. attr_encryptedΛ࢖࣮ͬͨ૷ྫr,.4Λ࢖ͬͨϨίʔυ͝ͱͷ҉߸Խ࣮૷ྫ ҉߸Խର৅ϑΟʔϧυΛఆٛ class
PersonalInfo < ApplicationRecord include KmsKey attr_encrypted :first_name, key: :data_key, algorithm: 'aes-256-gcm’ attr_encrypted :last_name, key: :data_key, algorithm: 'aes-256-gcm'

©2024 Bloomo Securities Inc. attr_encryptedΛ࢖࣮ͬͨ૷ྫr,.4Λ࢖ͬͨϨίʔυ͝ͱͷ҉߸Խ࣮૷ྫ Ϩίʔυ͝ͱʹ҉߸ݤΛม͑ͭͭɺಁաతʹѻ͑ΔΑ͏ʹͳΔ personal_info.first_name
= ”ϊΤϧ” personal_info.last_name = “খྛ” personal_info.save! personal_info = PersonalInfo.find(1) puts personal_info.first_name # => “ϊΤϧ” puts personal_info.last_name # => “খྛ”

©2024 Bloomo Securities Inc. attr_encryptedΛ࢖࣮ͬͨ૷ྫrΞοϓϩʔυը૾ͷ҉߸Խ class IdDocumentImage < ApplicationRecord
include KmsKey mount_uploader :uploader, IdDocumentImageUploader before_save :encrypt_file! def encrypt_file! iv = Cipher.generate_iv self.uploader_iv = Base64.strict_encode64(iv) cipher = Cipher.new(key: data_key, cipher_iv: iv) resp = cipher.encrypt(value: uploader.file.read) File.binwrite(uploader.file.path, resp) end • DBSSJFSXBWFΛྫʹ͝঺հ • Ϩίʔυ͝ͱʹ҉߸ݤΛม͑ͭͭɺΞοϓϩʔυը૾ͦͷ΋ͷ΋҉߸Խͯ͠อଘ

©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷ঺հr҉߸Խͭͭ͠ݕࡧՄೳʹ͢ΔΦϓγϣϯ ܾఆ࿦త҉߸ԽΛ࢖͏ – "DUJWF3FDPSE&ODSZQUJPO͕࠾༻͍ͯ͠Δํ਑ –
ಉ͡҉߸ԽݤͰ҉߸Խ͍ͯ͠Δσʔλ܊ʹରͯ͠͸Մೳͳख๏ &MBTUJD4FBSDIͳͲͷݕࡧϞδϡʔϧΛ༻ҙ͠ɺͦ͜ʹฏจͷσʔλΛ֨ೲ͢Δ – &MBTUJD4FBSDI͸ΞϓϦέʔγϣϯαʔό͔ΒͷΈΞΫηεՄೳͰɺܦ࿏΍ྖҬ͸҆શͱ ͍͏લఏ ݕࡧ࣌͸ΞϓϦέʔγϣϯαʔό಺ͰҰׅෳ߹ͯ͠ɺίʔυ্Ͱݕࡧ͢Δ – PersonalInfo.all.eachΈ͍ͨʹ͢ΔΠϝʔδ ݕࡧ༻ʹର৅ϑΟʔϧυʢࢯ໊ɺॅॴͳͲʣͷϋογϡ஋Λผςʔϒϧʹอଘ͢Δ – ׬શҰகͷݕࡧͷΈՄೳ

©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷ঺հr҉߸Խର৅σʔλΛอଘͭͭ͠ݕࡧ༻)BTIΛ࡞੒͢Δྫ class PersonalInfoHash < ApplicationRecord
belongs_to :personal_info end class PersonalInfo < ApplicationRecord include KmsKey …… has_many :personal_info_hashes • PersonalInfoHashϞσϧʢςʔϒϧʣΛఆٛ – key: string – value: string

©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷ঺հr҉߸Խର৅σʔλΛอଘͭͭ͠ݕࡧ༻)BTIΛ࡞੒͢Δྫ class PersonalInfo < ApplicationRecord
after_save :save_hashes def save_hashes save_name_hash save_tel_hash ... end def save_name_hash raw_value = last_name + first_name pi_hash = personal_info_hashes.find_or_initialize_by(key: 'last_name_and_first_name’) pi_hash.value = BCrypt::Engine.hash_secret(raw_value, ENV['HASH_SALT’]) pi_hash.save! end • after_save ͱ͔ͰPersonalInfo ͷϨίʔυͱҰॹʹ࡞Δ • ҉߸ֶత)BTIؔ਺͸ͱΓ͋͑ͣBcrypt࢖͓͚ͬͯ͹ྑͦ͞͏

©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷ঺հr҉߸Խର৅σʔλΛอଘͭͭ͠ݕࡧ༻)BTIΛ࡞੒͢Δྫ hash_value = BCrypt::Engine.hash_secret(searching_value, ENV['HASH_SALT’])
personal_infos = PersonalInfoHash .where(key: 'last_name_and_first_name', hash_value: hash_value) .map(&:personal_info) • ݕࡧ͢Δͱ͖͸ݕࡧϫʔυͷϋογϡ஋Λܭࢉͯ͠ݕࡧ

©2024 Bloomo Securities Inc. ·ͱΊ Ұׅ҉߸Խ ςʔϒϧ͝ͱʹ҉߸Խ Ϩίʔυ͝ͱʹ҉߸Խ ؀ڥม਺ 4FDSFU.BOBHFS
DSFEFOUJMBTZNMFOD ,.4 ܾఆ࿦త҉߸ԽʹΑΔݕࡧ &MBTUJD4FBSDI ۪௚ݕࡧ ϋογϡԽʹΑΔݕࡧ "DUJWF3FDPSE&ODSZQUJPO attr_encrypted lockbox ॳظϦϦʔε 3BJMT ఏڙݩ CVJMUJO HFN HFN σϑΥϧτͷ࢖͍ํ ΧελϚΠζ͢Ε͹Ͱ͖Δ • ࠓճ͝঺հͨ͠ํ๏Λಛੑ͝ͱʹ·ͱΊ·͢ ҉߸Խͷ ୯Ґ ҉߸ݤͷ ؅ཧ ݕࡧख๏

©2024 Bloomo Securities Inc. ·ͱΊr"DUJWF3FDPSE&ODSZQUJPO Ұׅ҉߸Խ ςʔϒϧ͝ͱʹ҉߸Խ Ϩίʔυ͝ͱʹ҉߸Խ ؀ڥม਺ 4FDSFU.BOBHFS
DSFEFOUJMBTZNMFOD ,.4 ܾఆ࿦త҉߸ԽʹΑΔݕࡧ &MBTUJD4FBSDI ۪௚ݕࡧ ϋογϡԽʹΑΔݕࡧ "DUJWF3FDPSE&ODSZQUJPO attr_encrypted lockbox ॳظϦϦʔε 3BJMT ఏڙݩ CVJMUJO HFN HFN σϑΥϧτͷ࢖͍ํ ΧελϚΠζ͢Ε͹Ͱ͖Δ • େ఍ͷཁ݅͸ຬͨͤΔ • ಋೖͷෑډ΋௿͍ – config.active_record.encryption.support_unencrypted_data = true ҉߸Խͷ ୯Ґ ҉߸ݤͷ ؅ཧ ݕࡧख๏

©2024 Bloomo Securities Inc. ·ͱΊrBUUS@FODSZQUFEMPDLCPY Ұׅ҉߸Խ ςʔϒϧ͝ͱʹ҉߸Խ Ϩίʔυ͝ͱʹ҉߸Խ ܾఆ࿦త҉߸ԽʹΑΔݕࡧ &MBTUJD4FBSDI
۪௚ݕࡧ ϋογϡԽʹΑΔݕࡧ "DUJWF3FDPSE&ODSZQUJPO attr_encrypted lockbox ॳظϦϦʔε 3BJMT ఏڙݩ CVJMUJO HFN HFN σϑΥϧτͷ࢖͍ํ ΧελϚΠζ͢Ε͹Ͱ͖Δ • "DUJWF3FDPSE&ODSZQUJPOͰཁ͕݅ຬͨͤͳ͍৔߹ʢϨίʔυ͝ͱ҉߸ԽͳͲʣʹݕ౼ • ,.4ར༻ kms_encrypted ɺϋογϡԽݕࡧ blind_index ͸ผͷgem͕͋Δ • ৽نҊ݅ͳΒlockboxɺطଘίʔυΛ࢖͍·Θ͍ͨ͠৔߹͸attr_encrypted ҉߸Խͷ ୯Ґ ҉߸ݤͷ ؅ཧ ݕࡧख๏ ؀ڥม਺ 4FDSFU.BOBHFS DSFEFOUJMBTZNMFOD ,.4

大事なデータを守りたい！ActiveRecord Encryptionと、より安全かつ検索可能...

大事なデータを守りたい！ActiveRecord Encryptionと、より安全かつ検索可能な暗号化手法の実装例の紹介

free_world21

More Decks by free_world21

Other Decks in Programming

Featured

Transcript

ブルーモ証券株式会社 ©2024 Bloomo Securities Inc. େࣄͳσʔλΛकΓ͍ͨʂ "DUJWF3FDPSE&ODSZQUJPOͱɺ ΑΓ҆શ͔ͭݕࡧՄೳͳ ҉߸Խख๏ͷ࣮૷ྫͷ঺հ ,BJHJPO3BJMT%BZ!)BMM#MVF

©2024 Bloomo Securities Inc. • খྛޛ࢙ʢখྛϊΤϧʣ • ϒϧʔϞূ݊גࣜձࣾऔక໾$50 • 0NPUFTBOEPSC

©2024 Bloomo Securities Inc. *OEFY ձࣾ঺հˍഎܠ঺հ ͦ΋ͦ΋҉߸Խͱ͸ʁ "DUJWF3FDPSE&ODSZQUJPOͷ঺հ "DUJWF3FDPSE&ODSZQUJPOͰ͸࣮ݱͮ͠Β͍ཁ݅ͷྫ ֤छ҉߸Խख๏͝঺հ

©2024 Bloomo Securities Inc. ձࣾ঺հˍഎܠ঺հrϓϩμΫτ ถࠃגࢿ࢈ӡ༻ΞϓϦ#MPPNPΛఏڙதʂ ίϐϖͰʮόϑΣοτ౤ࢿʯεϚϗ׬݁Ͱएऀ΋ؾܰʹ :065)'*/"/$&ᶃ

©2024 Bloomo Securities Inc. ձࣾ঺հˍഎܠ঺հrϓϩμΫτػೳ ϙʔτϑΥϦΦػೳͰɺߴ౓ͳࢿ࢈ӡ༻ͷϋʔυϧΛԼ͍͛ͯΔ ϙʔτϑΥϦΦ౤ࢿػೳ ڞ༗ɾίϐʔػೳ ถࠃגɾ&5'Ͱཧ૝ͷϙʔτϑΥϦΦΛ࡞੒ͨ͠Βɺ ྆ସ΍ങ෇͸ϒϧʔϞ͕ࣗಈࣥߦͯ͘͠ΕΔɻ

©2024 Bloomo Securities Inc. ձࣾ঺հˍഎܠ঺հr૑ۀ͔Β͜Ε·ͰͷาΈ ݄ ݄

©2024 Bloomo Securities Inc. ձࣾ঺հˍഎܠ঺հr૑ۀ͔Β͜Ε·ͰͷาΈ ݄ ݄

©2024 Bloomo Securities Inc. ձࣾ঺հˍഎܠ঺հr૑ۀ͔Β͜Ε·ͰͷาΈ ݄ ݄

©2024 Bloomo Securities Inc. ձࣾ঺հˍഎܠ঺հrূ݊γεςϜΛ࡞Δ͏͑Ͱ • Կ͔גΛങ͏ͨΊʹ͸ূ݊ձࣾͷޱ࠲Λͭ͘Βͳ͚Ε͹͍͚ͳ͍ • ূ݊ձࣾʢͷγεςϜʣΛ࡞ΔͨΊʹ͸༷ʑͳཁ݅ʢ๏཯ͳͲʣΛकΒͳ͚Ε͹͍͚ͳ͍ •

©2024 Bloomo Securities Inc. ͦ΋ͦ΋҉߸Խͱ͸ʁ҉߸ԽͱϋογϡԽ “小林ノエル” “m6mlF70S3Qoqt86hyUJzWxhwW6JYgyXgBPPJHrhvVAGQ” “$2a$10$aBy67z2lE8O/OO/Xfnr7ZO6sQCP948cWDM/9Mi fMGR5472nkfqGUW” “小林ノエル”

©2024 Bloomo Securities Inc. ͦ΋ͦ΋҉߸Խͱ͸ʁͳͥ҉߸Խ͢Δͷ͔ • ೖޱରࡦɾ಺෦ରࡦɾग़ޱରࡦͷ͏ͪɺ಺෦ରࡦͷ͏ͪͷͭ – ೖޱରࡦ •

©2024 Bloomo Securities Inc. ͦ΋ͦ΋҉߸Խͱ͸r҉߸ԽΛ͢Δࡍʹߟྀ͢΂͖ϙΠϯτ • ҉߸ԽͷΞϧΰϦζϜ – %&4 "&4

©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷ঺հr֓ཁͱ؆୯ͳ࢖͍ํͷ͝঺հ • 3BJMT "DUJWF3FDPSE ʹ૊Έࠐ·Ε͍ͯΔ҉߸Խػߏ

©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷ঺հr֓ཁͱ؆୯ͳ࢖͍ํͷ͝঺հ • 3BJMT "DUJWF3FDPSE ʹ૊Έࠐ·Ε͍ͯΔ҉߸Խػߏ

©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷ঺հr֓ཁͱ؆୯ͳ࢖͍ํͷ͝঺հ • ҉߸ݤ͸ଐੑ͝ͱʹจࣈྻ΍ΧελϜΩʔϓϩόΠμΛࢦఆՄೳ class PersonalInfo

©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͷ঺հrʲ҉߸ԽΛ͢Δࡍʹߟྀ͢΂͖ϙΠϯτʳʹরΒ͠߹ΘͤΔͱ • ݤͷ؅ཧํ਑ – config/credentials.yml.enc ʹهࡌ

©2024 Bloomo Securities Inc. "DUJWF3FDPSE&ODSZQUJPOͰ͸࣮ݱͮ͠Β͍ཁ݅rۚ༥ػؔΛྫʹ • ݤͷ؅ཧํ਑ – ਓ͕ؒ؅ཧͨ͘͠ͳ͍ –

©2024 Bloomo Securities Inc. ֤छ҉߸Խख๏͝঺հrattr_encryptedͱlockbox • 3BJMT✕҉߸ԽͰ͸Ұ൪ྺ࢙͕ݹ͍ – "DUJWF3FDPSE&ODSZQUJPOҎલ͔Β͋Δ –

©2024 Bloomo Securities Inc. attr_encryptedΛ࢖࣮ͬͨ૷ྫr҉߸ݤͷ؅ཧํ਑ͷΦϓγϣϯ ؀ڥม਺ʹฏจͷ҉߸ݤΛஔ͘ – Ұ൪γϯϓϧͰ؆୯͕ͩ੬ऑ

©2024 Bloomo Securities Inc. attr_encryptedΛ࢖࣮ͬͨ૷ྫr,FZ.BOBHFNFOU4FSWJDFͱ͸ʢ"84Λྫʹʣ • $VTUPNFS.BTUFS,FZʢ$.,ʣΛࢦఆͯ͠ɺEBUBLFZʢ৽͍͠҉߸ݤʣΛཁٻ͢Δ – "

©2024 Bloomo Securities Inc. attr_encryptedΛ࢖࣮ͬͨ૷ྫr,.4Λ࢖ͬͨϨίʔυ͝ͱͷ҉߸Խ࣮૷ྫ ,.4͔Βऔಘͨ͠ʲ҉߸Խ͞Εͨ҉߸ݤ #

©2024 Bloomo Securities Inc. attr_encryptedΛ࢖࣮ͬͨ૷ྫr,.4Λ࢖ͬͨϨίʔυ͝ͱͷ҉߸Խ࣮૷ྫ ҉߸Խର৅ϑΟʔϧυΛఆٛ class

©2024 Bloomo Securities Inc. attr_encryptedΛ࢖࣮ͬͨ૷ྫr,.4Λ࢖ͬͨϨίʔυ͝ͱͷ҉߸Խ࣮૷ྫ Ϩίʔυ͝ͱʹ҉߸ݤΛม͑ͭͭɺಁաతʹѻ͑ΔΑ͏ʹͳΔ personal_info.first_name

©2024 Bloomo Securities Inc. attr_encryptedΛ࢖࣮ͬͨ૷ྫrΞοϓϩʔυը૾ͷ҉߸Խ class IdDocumentImage < ApplicationRecord

©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷ঺հr҉߸Խͭͭ͠ݕࡧՄೳʹ͢ΔΦϓγϣϯ ܾఆ࿦త҉߸ԽΛ࢖͏ – "DUJWF3FDPSE&ODSZQUJPO͕࠾༻͍ͯ͠Δํ਑ –

©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷ঺հr҉߸Խର৅σʔλΛอଘͭͭ͠ݕࡧ༻)BTIΛ࡞੒͢Δྫ class PersonalInfoHash < ApplicationRecord

©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷ঺հr҉߸Խର৅σʔλΛอଘͭͭ͠ݕࡧ༻)BTIΛ࡞੒͢Δྫ class PersonalInfo < ApplicationRecord

©2024 Bloomo Securities Inc. ҉߸Խͭͭ͠ݕࡧՄೳʹ͢Δํ๏ͷ঺հr҉߸Խର৅σʔλΛอଘͭͭ͠ݕࡧ༻)BTIΛ࡞੒͢Δྫ hash_value = BCrypt::Engine.hash_secret(searching_value, ENV['HASH_SALT’])

©2024 Bloomo Securities Inc. ·ͱΊ Ұׅ҉߸Խ ςʔϒϧ͝ͱʹ҉߸Խ Ϩίʔυ͝ͱʹ҉߸Խ ؀ڥม਺ 4FDSFU.BOBHFS

©2024 Bloomo Securities Inc. ·ͱΊr"DUJWF3FDPSE&ODSZQUJPO Ұׅ҉߸Խ ςʔϒϧ͝ͱʹ҉߸Խ Ϩίʔυ͝ͱʹ҉߸Խ ؀ڥม਺ 4FDSFU.BOBHFS

©2024 Bloomo Securities Inc. ·ͱΊrBUUS@FODSZQUFEMPDLCPY Ұׅ҉߸Խ ςʔϒϧ͝ͱʹ҉߸Խ Ϩίʔυ͝ͱʹ҉߸Խ ܾఆ࿦త҉߸ԽʹΑΔݕࡧ &MBTUJD4FBSDI

©2024 Bloomo Securities Inc. Ұॹʹ#MPPNPͷαʔϏε։ൃΛ ͯ͘͠ΕΔ஥ؒΛืूதʂ https://careers.bloomo.co.jp/ 8FBSF)JSJOH