Merge pull request #78 from danielberkompas/vault-genserver

[#75] Make Cloak.Vault a GenServer
danielberkompas · Sep 26, 2018 · ffdd12e · ffdd12e
2 parents e893132 + 56c276e
commit ffdd12e
Show file tree

Hide file tree

Showing 8 changed files with 234 additions and 95 deletions.
diff --git a/guides/how_to/install.md b/guides/how_to/install.md
@@ -6,7 +6,7 @@ This guide will walk you through installing Cloak in your project.
 
 First, add `:cloak` to your dependencies in `mix.exs`:
 
-    {:cloak, "~> 0.7.0"}
+    {:cloak, "~> 0.9.0"}
 
 Run `mix deps.get` to fetch the dependency.
 
@@ -54,19 +54,25 @@ to configure the vault instead:
       def init(config) do
         config =
           Keyword.put(config, :ciphers, [
-            default: {Cloak.Ciphers.AES.GCM, tag: "AES.GCM.V1", key: decode_env("CLOAK_KEY")}
+            default: {Cloak.Ciphers.AES.GCM, tag: "AES.GCM.V1", key: decode_env!("CLOAK_KEY")}
           ])
 
         {:ok, config}
       end
 
-      defp decode_env(var) do
+      defp decode_env!(var) do
         var
         |> System.get_env()
         |> Base.decode64!()
       end
     end
 
+Finally, add your vault to your supervision tree.
+
+    children = [
+      MyApp.Vault
+    ]
+
 ### Create Local Ecto Types
 
 For each type of data you want to encrypt, define a local Ecto type like so.

diff --git a/guides/upgrading/0.8.x_to_0.9.x.md b/guides/upgrading/0.8.x_to_0.9.x.md
@@ -0,0 +1,23 @@
+# How To Upgrade From 0.8.x to 0.9.x
+
+Cloak `0.9.0` encrypts and decrypts data up to 200% faster than `0.8.0`.
+This result is achieved by caching configuration data in an ETS table.
+
+- **Breaking Change**: You must now add your `Cloak.Vault` to your
+  supervision tree.
+
+## Update Your Dependency
+
+Update your `cloak` dependency to `0.9.0` or higher:
+
+```elixir
+{:cloak, "~> 0.9.0"}
+```
+
+### Supervise Your Vault
+
+Add your vault to your supervision tree:
+
+    children = [
+      MyApp.Vault
+    ]
diff --git a/lib/cloak/ciphers/aes_gcm.ex b/lib/cloak/ciphers/aes_gcm.ex
@@ -39,16 +39,9 @@ defmodule Cloak.Ciphers.AES.GCM do
   def encrypt(plaintext, opts) do
     key = Keyword.fetch!(opts, :key)
     tag = Keyword.fetch!(opts, :tag)
-    iv = generate_iv()
-
-    {ciphertext, ciphertag} =
-      :crypto.block_encrypt(
-        :aes_gcm,
-        key,
-        iv,
-        {@aad, plaintext}
-      )
+    iv = :crypto.strong_rand_bytes(16)
 
+    {ciphertext, ciphertag} = :crypto.block_encrypt(:aes_gcm, key, iv, {@aad, plaintext})
     {:ok, Encoder.encode(tag) <> iv <> ciphertag <> ciphertext}
   end
 
@@ -86,6 +79,4 @@ defmodule Cloak.Ciphers.AES.GCM do
         false
     end
   end
-
-  defp generate_iv, do: :crypto.strong_rand_bytes(16)
 end