Simpler way to secure data with Ruby and Basis Theory

nloding

Nathan Loding

Posted on May 18, 2022

Simpler way to secure data with Ruby and Basis Theory

This guest post walks through a community-built Ruby Gem that helps developers quickly secure and use their data with Basis Theory and the new Rails 7.0 upgrade.

Ruby on Rails built its reputation on its ease of use and simplicity. As an engineer, I look for ways to remove the complexity of encrypting and securing data within my projects. Recently, I’ve been using Basis Theory’s tokenization API to protect business-critical data without worrying if I’m missing some critical part of the encryption process.

I use Basis Theory’s tokenization platform and compliant environment to quickly and compliantly secure and use sensitive data for my projects. By using its tokens, serverless functions, and SDKs, I have full control over their sensitive data without incurring the costs, delays, and risks of securing and maintaining it myself. (You can also get to production without a credit card).

Want to jump straight into the gem? Check out the Github repository or RubyGem.

What is Basis Theory and the basis_theory gem?

This gem eliminates the need to worry about building additional Key Management Services (KMS) infrastructure while securing your data in Basis Theory’s PCI Level 1 compliant vault.

Why is the basis_theory gem important?

While native encryption helps everyday developers quickly secure their data within an application, a scaled implementation using public libraries will still require detailed knowledge of Key Management and infrastructure needs.

How does the basis_theory gem work?

The example below shows how to start with Basis Theory.

  1. Install the package.
gem install basis_theory
Enter fullscreen mode Exit fullscreen mode
  1. Create a new Basis Theory client with your Basis Theory API Key
 client = BasisTheory::Client.new(api_key: 'YOUR_API_KEY')
Enter fullscreen mode Exit fullscreen mode
  1. Protect the data by creating a new token
 token = client.tokens.create(data: 'some_data_to_encrypt') token.id # => '467ca27f-bb2a-4d09-9e0e-8f8a69e7bbac'
Enter fullscreen mode Exit fullscreen mode

‍‍4. That’s it! You’re now ready to store the ids in your database and can retrieve the raw values whenever you need to use them by using the gem’s find method

 token = client.tokens.create(data: 'some_data_to_encrypt') token.id # => '467ca27f-bb2a-4d09-9e0e-8f8a69e7bbac'
Enter fullscreen mode Exit fullscreen mode

What data am I encrypting with the the basis_theory gem?

The gem takes all of the hard work of setting up Ruby encryption libraries. This allows you to generate and protect your encryption keys, or build out your own KMS. I’m using it for Government IDs, Social Security Numbers, and Tax ID Numbers. Additionally, I could also see the need to encrypt confidential or proprietary information, like CAD designs, pricing, and inventory, that, if leaked, could have a profound impact on my clients.

What is next for the basis_theory gem?

There are quite a few features within Basis Theory that would be great to expose through the gem, like:

Add Basis Theory’s Search on tokens

The Basis Theory API allows for searching the underlying encrypted data without the need to decrypt that data and/or have the data touch your systems. This is a massive improvement over the built-in native encryption offered by Rails (as you’d need to turn on deterministic encryption which is less secure). An example of the feature might be:

client.tokens.create(type: 'social_security_number', data: '444-44-5555')
client.tokens.create(type: 'social_security_number', data: '444-44-5522')

client.tokens.search(data: '5555') // returns only the first token
client.tokens.search(data: '444445522') // returns the second token
Enter fullscreen mode Exit fullscreen mode

Basis Theory EncryptableRecord for Encryption

Native Rails encryption has come a long way and provides a default EncryptableRecord which is the foundation for encrypting data within ActiveRecord. The idea would be to enable a new EncryptableRecord to be exposed. This would allow Basis Theory to be used as the underlying datastore and store a tokenId in the database:

// Ability to override the Provider
class Article < ApplicationRecord
  encrypts :title, :provider = BasisTheory
end

//Ability to easily configure tokenization on ActiveRecord properties
class Article < ApplicationRecord
  tokenizes :title
end
Enter fullscreen mode Exit fullscreen mode

What would you like to see?

Feel free to submit a GitHub issue for any ideas you may have for the next steps on the gem.

About the author

Scott Olsen is a Software Engineer at Doximity, an online networking service for medical professionals. He has spent the majority of his career building and investing in the Rails community. You can find Scott on Twitter.

💖 💪 🙅 🚩
nloding
Nathan Loding

Posted on May 18, 2022

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related