tozny / e3db-ruby

Ruby client library for E3DB
Other
2 stars 1 forks source link
api-client encrypted-store encryption ruby

Gem Version Build Status Coverage Status

Introduction

The Tozny End-to-End Encrypted Database (E3DB) is a storage platform with powerful sharing and consent management features. Read more on our blog.

E3DB provides a familiar JSON-based NoSQL-style API for reading, writing, and querying data stored securely in the cloud.

Installation

Add this line to your application's Gemfile:

gem 'e3db'

And then execute:

$ bundle

Or install it yourself as:

$ gem install e3db

At runtime, you will need the libsodium cryptography library required by the native RbNaCl Ruby library. On most platforms a package is available by default:

$ brew install libsodium            (Mac OS X)
$ apt-get install libsodium-dev     (Ubuntu)

For more information including libsodium installation instructions for Windows, see the libsodium web site.

Windows Users: Make sure to download a recent "MSVC" build. Once downloaded, find the most recent libsodium.dll inside the ZIP file, rename it to sodium.dll and copy it to C:\usr\local\lib. You can also copy it to your \Windows\System32 directory.

Registering a client

Register an account with InnoVault to get started. From the Admin Console you can create clients directly (and grab their credentials from the console) or create registration tokens to dynamically create clients with E3DB::Client.register(). Clients registered from within the console will automatically back their credentials up to your account. Clients created dynamically via the SDK can optionally back their credentials up to your account.

For a more complete walkthrough, see /examples/registration.rb.

Without Credential Backup

token = '...'
client_name = '...'

public_key, private_key = E3DB::Client.generate_keypair
client_info = E3DB::Client.register(token, client_name, public_key)

The object returned from the server contains the client's UUID, API key, and API secret (as well as echos back the public key passed during registration). It's your responsibility to store this information locally as it will not be recoverable without credential backup.

With Credential Backup

token = '...'
client_name = '...'

public_key, private_key = E3DB::Client.generate_keypair
client_info = E3DB::Client.register(token, client_name, public_key, private_key, true)

The private key must be passed to the registration handler when backing up credentials as it is used to cryptographically sign the encrypted backup file stored on the server. The private key never leaves the system, and the stored credentials will only be accessible to the newly-registered client itself or the account with which it is registered.

Loading configuration and creating a client

Use the E3DB::Config.default class method to load the default client configuration, and pass it to the E3DB::Client constructor:

require 'e3db'
config = E3DB::Config.default
client = E3DB::Client.new(config)

Using profiles to manage multiple configurations

The E3DB Command-Line Interface allows you to register and manage multiple keys and credentials using profiles. To register a new client under a different profile:

$ e3db register --profile=development developers@mycompany.com

You can then use E3DB::Config.load_profile to load a specific profile inside your Ruby application:

config = E3DB::Config.load_profile('development')
client = E3DB::Client.new(config)

Writing a record

To write new records to the database, call the E3DB::Client#write method with a string describing the type of data to be written, along with a hash containing the fields of the record. E3DB::Client#write returns the newly created record.

record = client.write('contact', {
  :first_name => 'Jon',
  :last_name => 'Snow',
  :phone => '555-555-1212'
})
printf("Wrote record %s\n", record.meta.record_id)

Querying Records

E3DB supports many options for querying records based on the fields stored in record metadata. Refer to the API documentation for the complete set of options that can be passed to E3DB::Client#query.

For example, to list all records of type contact and print a simple report containing names and phone numbers:

client.query(type: 'contact') do |record|
  fullname = record.data[:first_name] + ' ' + record.data[:last_name]
  printf("%-40s %s\n", fullname, record.data[:phone])
end

In this example, the E3DB::Client#query method takes a block that will execute for each record that matches the query. Records will be streamed efficiently from the server in batches, allowing processing of large data sets without consuming excessive memory.

In some cases, it is more convenient to load all results into memory for processing. To achieve this, instead of passing a block to E3DB::Client#query, you can call Enumerable methods on the query result, including Enumerable#to_a to convert the results to an array.

For example:

results = client.query(type: 'contact').to_a
printf("There were %d results.\n", results.length)
results.each do |record|
  puts record
end

More examples

See the simple example code for runnable detailed examples.

Development

Before running tests, register an account with InnoVault, and generate a client token.

After checking out the repo, run bin/setup to install dependencies. Next, set two environment variables:

Run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Documentation

General E3DB documentation is on our web site.

Comprehensive documentation for the SDK can be found online via RubyDoc.info.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/tozny/e3db-ruby.