Simpler way to secure data with Ruby and Basis Theory
Ruby on Rails built its reputation on its ease of use and simplicity. As an engineer, I look for ways to remove the complexity of encrypting and securing data within my projects. Recently, I’ve been using Basis Theory’s tokenization API to protect business-critical data without worrying if I’m missing some critical part of the encryption process.
I use Basis Theory’s tokenization platform and compliant environment to quickly and compliantly secure and use sensitive data for my projects. By using its tokens, serverless functions, and SDKs, I have full control over my sensitive data without incurring the costs, delays, and risks of securing and maintaining it myself. (You can also get to production without a credit card.)
Want to jump straight into the gem? Check out the GitHub repository or RubyGem.
What is Basis Theory and the basis_theory gem?
This gem eliminates the need to worry about building additional Key Management Services (KMS) infrastructure while securing your data in Basis Theory’s PCI Level 1 compliant vault.
Why is the basis_theory gem important?
While native encryption helps everyday developers quickly secure their data within an application, a scaled implementation using public libraries will still require detailed knowledge of Key Management and infrastructure needs.
How does the basis_theory gem work?
The example below shows how to start with Basis Theory.
1. Install the package.
gem install basis_theory
2. Create a new Basis Theory client with your Basis Theory API key.
client = BasisTheory::Client.new(api_key: 'YOUR_API_KEY')
3. Protect the data by creating a new token.
token = client.tokens.create(data: 'some_data_to_encrypt')
token.id # => '467ca27f-bb2a-4d09-9e0e-8f8a69e7bbac'
4. That’s it! You’re now ready to store the ids in your database, and you can retrieve the raw values whenever you need them with the gem’s find method.
# look the token up by the id you stored; the raw value comes back on the token (attribute name assumed here)
token = client.tokens.find('467ca27f-bb2a-4d09-9e0e-8f8a69e7bbac')
token.data # => 'some_data_to_encrypt'
What data am I encrypting with the basis_theory gem?
The gem takes on all of the hard work of setting up Ruby encryption libraries, so you no longer need to generate and protect your own encryption keys or build out your own KMS. I’m using it for Government IDs, Social Security Numbers, and Tax ID Numbers. Additionally, I could also see the need to encrypt confidential or proprietary information, like CAD designs, pricing, and inventory, that, if leaked, could have a profound impact on my clients.
What is next for the basis_theory gem?
There are quite a few features within Basis Theory that would be great to expose through the gem, like:
Add Basis Theory’s Search on tokens
The Basis Theory API allows for searching the underlying encrypted data without the need to decrypt that data or have the data touch your systems. This is a massive improvement over the built-in native encryption offered by Rails (where you’d need to turn on deterministic encryption, which is less secure). An example of the feature might be:
client.tokens.create(type: 'social_security_number', data: '444-44-5555')
client.tokens.create(type: 'social_security_number', data: '444-44-5522')
client.tokens.search(data: '5555') # returns only the first token
client.tokens.search(data: '444445522') # returns the second token
Basis Theory EncryptableRecord for Encryption
Native Rails encryption has come a long way and provides a default EncryptableRecord, which is the foundation for encrypting data within ActiveRecord. The idea would be to expose a new EncryptableRecord that lets Basis Theory act as the underlying datastore, with only a token id stored in the database:
# Ability to override the provider
class Article < ApplicationRecord
  encrypts :title, provider: BasisTheory
end

# Ability to easily configure tokenization on ActiveRecord properties
class Article < ApplicationRecord
  tokenizes :title
end
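To show how the two ideas above fit together, here is an added example (not code from the post or from the basis_theory gem) of what a `tokenizes` macro could look like in plain Ruby, following step 4 of the getting-started sequence: the raw value goes to the vault on write, only the token id is kept on the record, and reads go back through find. The client is a constructed in-memory stand-in that exposes only the call shapes the post shows (`tokens.create(data:)` returning something with `id`, `tokens.find(id)` returning something with `data`); the `Tokenizes` module, `persisted_attributes` and the `Patient` class are hypothetical names chosen for this illustration, not part of the gem.

```ruby
require 'securerandom'

# Constructed stand-in for the gem's client. It keeps plaintext in a Hash so
# the example runs offline; the real gem would send it to the Basis Theory vault.
Token = Struct.new(:id, :data, keyword_init: true)

class FakeTokensClient
  def initialize
    @vault = {}
  end

  # tokens.create(data:) -> token with #id (shape taken from the post)
  def create(data:)
    id = SecureRandom.uuid
    @vault[id] = data
    Token.new(id: id, data: data)
  end

  # tokens.find(id) -> token with #data (assumed shape for the post's find method)
  def find(id)
    raise KeyError, "no token with id #{id}" unless @vault.key?(id)
    Token.new(id: id, data: @vault[id])
  end
end

FakeClient = Struct.new(:tokens, keyword_init: true)

# Hypothetical `tokenizes` macro: the plain attribute is never held on the
# record; assignment tokenizes immediately and only the token id is persisted.
module Tokenizes
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    attr_accessor :tokenization_client

    def tokenized_attributes
      @tokenized_attributes ||= []
    end

    def tokenizes(*attrs)
      attrs.each do |attr|
        id_attr = :"#{attr}_token_id"
        tokenized_attributes << id_attr
        attr_accessor id_attr

        # Writer: send the value to the vault, keep the returned id.
        define_method(:"#{attr}=") do |value|
          token = self.class.tokenization_client.tokens.create(data: value)
          send(:"#{id_attr}=", token.id)
        end

        # Reader: resolve the stored id back to the raw value on demand.
        define_method(attr) do
          id = send(id_attr)
          id && self.class.tokenization_client.tokens.find(id).data
        end
      end
    end
  end

  # What would reach the database: only the token ids, never the raw values.
  def persisted_attributes
    self.class.tokenized_attributes.to_h { |id_attr| [id_attr, send(id_attr)] }
  end
end

class Patient
  include Tokenizes
  self.tokenization_client = FakeClient.new(tokens: FakeTokensClient.new)
  tokenizes :ssn, :tax_id
end

# Builds a record with constructed sample values (not real identifiers).
def build_patient
  patient = Patient.new
  patient.ssn = '444-44-5555'
  patient.tax_id = '12-3456789'
  patient
end

if __FILE__ == $PROGRAM_NAME
  patient = build_patient
  puts "stored columns: #{patient.persisted_attributes.inspect}"
  puts "resolved ssn:   #{patient.ssn}"
end
```

The check worth keeping from this is `persisted_attributes`: whatever the real adapter ends up looking like, the record's columns should only ever contain token ids, so a test that asserts no raw value appears in the persisted hash catches an accidental plaintext write early.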
What would you like to see?
Feel free to submit a GitHub issue for any ideas you may have for the next steps on the gem.
About the author
Scott Olsen is a Software Engineer at Doximity, an online networking service for medical professionals. He has spent the majority of his career building and investing in the Rails community. You can find Scott on Twitter.