Ruby

Simpler way to secure data with Ruby and Basis Theory

This guest post walks through a community-built Ruby Gem that helps developers quickly secure and use their data with Basis Theory and the new Rails 7.0 upgrade

Ruby on Rails built its reputation on its ease of use and simplicity. As an engineer, I look for ways to remove the complexity of encrypting and securing data within my projects. Recently, I’ve been using Basis Theory’s tokenization API to protect business-critical data without worrying if I’m missing some critical part of the encryption process.

I use Basis Theory’s tokenization platform and compliant environment to quickly and compliantly secure and use sensitive data for my projects. By using its tokens, serverless functions, and SDKs, I have full control over their sensitive data without incurring the costs, delays, and risks of securing and maintaining it myself. (You can also get to production without a credit card).

Want to jump straight into the gem? Check out the Github repository or RubyGem.

What is Basis Theory and the basis_theory gem?

This gem eliminates the need to worry about building additional Key Management Services (KMS) infrastructure while securing your data in Basis Theory’s PCI Level 1 compliant vault. 

Why is the basis_theory gem important?

While native encryption helps everyday developers quickly secure their data within an application, a scaled implementation using public libraries will still require detailed knowledge of Key Management and infrastructure needs.

How does the basis_theory gem work?

The example below shows how to start with Basis Theory.

1. Install the package.


gem install basis_theory

2. Create a new Basis Theory client with your Basis Theory API Key


 client = BasisTheory::Client.new(api_key: 'YOUR_API_KEY')

3. Protect the data by creating a new token


 token = client.tokens.create(data: 'some_data_to_encrypt') token.id # => '467ca27f-bb2a-4d09-9e0e-8f8a69e7bbac'

4. That’s it! You’re now ready to store the ids in your database and can retrieve the raw values whenever you need to use them by using the gem’s find method


 token = client.tokens.create(data: 'some_data_to_encrypt') token.id # => '467ca27f-bb2a-4d09-9e0e-8f8a69e7bbac'

What data am I encrypting with the the basis_theory gem?

The gem takes all of the hard work of setting up Ruby encryption libraries. This allows you to generate and protect your encryption keys, or build out your own KMS. I’m using it for Government IDs, Social Security Numbers, and Tax ID Numbers. Additionally, I could also see the need to encrypt confidential or proprietary information, like CAD designs, pricing, and inventory, that, if leaked, could have a profound impact on my clients.

What is next for the basis_theory gem?

There are quite a few features within Basis Theory that would be great to expose through the gem, like:

Add Basis Theory’s Search on tokens

The Basis Theory API allows for searching the underlying encrypted data without the need to decrypt that data and/or have the data touch your systems. This is a massive improvement over the built-in native encryption offered by Rails (as you’d need to turn on deterministic encryption which is less secure). An example of the feature might be:


client.tokens.create(type: 'social_security_number', data: '444-44-5555')
client.tokens.create(type: 'social_security_number', data: '444-44-5522')

client.tokens.search(data: '5555') // returns only the first token
client.tokens.search(data: '444445522') // returns the second token

Basis Theory EncryptableRecord for Encryption

Native Rails encryption has come a long way and provides a default EncryptableRecord which is the foundation for encrypting data within ActiveRecord. The idea would be to enable a new EncryptableRecord to be exposed. This would allow Basis Theory to be used as the underlying datastore and store a tokenId in the database:


// Ability to override the Provider
class Article < ApplicationRecord
  encrypts :title, :provider = BasisTheory
end

//Ability to easily configure tokenization on ActiveRecord properties
class Article < ApplicationRecord
  tokenizes :title
end

What would you like to see?

Feel free to submit a GitHub issue for any ideas you may have for the next steps on the gem.

About the author

Scott Olsen is a Software Engineer at Doximity, an online networking service for medical professionals. He has spent the majority of his career building and investing in the Rails community. You can find Scott on Twitter.

NEXT STEPS

Where to go from here?

{"type":"shift","speed":14,"random":1,"shift":1,"size":1,"rupture":70}
Usage-based pricing, but getting started is free
{"type":"shift","speed":20,"random":1,"shift":1,"size":1,"rupture":50}
Built by developers, for developers
{"type":"shift","speed":11,"random":1,"shift":1,"size":1,"rupture":50}
Helpful humans ready to work through your questions
{"type":"shift","speed":29,"random":1,"shift":1,"size":1,"rupture":50}
We’re building something special & would love your help