Ruby

Encrypting/Decrypting data with our backend SDKs may expose you to greater compliance burden because your server needs to handle plaintext data. Instead, we recommend using Relay or our Client-Side SDKs to encrypt data.

Getting started

Install the SDK

Our Ruby SDK is distributed via RubyGems, and can be installed via the command line or a Gemfile.

ruby gem 'evervault'

Initialize the SDK

The SDK needs to be initialized with an App's ID and API key. If you don't have one yet, you can get one by creating an App in the Evervault Dashboard.

Encrypt a string

Now that the SDK is initialized, we can encrypt a string.

1encrypted = Evervault.encrypt("Hello, world!")

Reference

encrypt

Encrypts data using Evervault Encryption. Evervault Strings can be used across all of our products. To encrypt data using the Ruby SDK, simply pass a String, Hash or Array into the encrypt() method. The encrypted data can be stored in your database as normal and can be used with any of Evervault’s other services.

1require "evervault"
2Evervault.app_id = "<APP_ID>"
3Evervault.api_key = "<API_KEY>"
4
5encrypted = Evervault.encrypt("Hello, world!")

Parameters

dataRequiredString | Boolean | Number | Array | Hash
The data to encrypt.

decrypt

Decrypts the data previously encrypted with the encrypt() function or through Relay. An API key with the decrypt permission must be used to perform this operation.

1require "evervault"
2Evervault.app_id = "<APP_ID>"
3Evervault.api_key = "<API_KEY>"
4
5encrypted_data = Evervault.encrypt("Hello, world!")
6decrypted = Evervault.decrypt(encrypted_data)

Parameters

dataRequiredString | Boolean | Number | Array | Hash
The data to decrypt.

PCI Compliance

Decrypting data with our backend SDKs is not available if you are part of the PCI or HIPAA compliance use cases. Instead you can:

Use Relay to decrypt data before it reaches third-party services.
Use Functions or Enclaves to process encrypted data.

create_client_side_decrypt_token

Client Side Decrypt Tokens are versatile and short-lived tokens that frontend applications can utilise to decrypt data previously encrypted through Evervault. Client Side Decrypt Tokens are restricted to specific payloads. By default, a Client Side Decrypt Token will live for 5 minutes into the future. The maximum time to live of the token is 10 minutes into the future.

1require "evervault"
2Evervault.app_id = "<APP_ID>"
3Evervault.api_key = "<API_KEY>"
4
5encrypted_data = Evervault.encrypt("Hello, world!")
6five_minutes = Time.now + 300
7
8token = Evervault.create_client_side_decrypt_token(encrypted_data, five_minutes)

Parameters

payloadRequiredString | Boolean | Number | Array | Hash
The data to decrypt.
expiryTime
The time the token will expire. Defaults to 5 minutes in the future.

run

Lets you invoke an Evervault Function with a given payload.

1require "evervault"
2Evervault.app_id = "<APP_ID>"
3Evervault.api_key = "<API_KEY>"
4
5result = Evervault.run("hello-function", {
6  "name": "Claude Shannon",
7  "ssn": "ev:encrypted_string"
8})

Parameters

functionNameRequiredString
The name of the function to invoke.
payloadRequiredHash
The payload to pass to the function.

Successful Function runs will return a hash containing a Function Run ID and the result from your Function in the following format:

1{
2  "id": "func_run_09413338da56",
3  "status": "success",
4  "result": {
5    "message": "Hello from a Function! It seems you have 14 letters in your name",
6    "name": "ev:RFVC:TTLHY04oVJlBuvPx:A7MeNriTKFES0Djl9uKaPvHCAn9PjSfOHu7tswXFCHF9:jwYKE13o3iQlr6Dn/DRk80XpNOGb:$"
7  }
8}

create_run_token

Creates a single use, time bound token (5 minutes) for invoking an Evervault Function with a given payload. Run Tokens can be used to invoke an Evervault Function client-side without providing a sensitive API Key.

1require "evervault"
2Evervault.app_id = "<APP_ID>"
3Evervault.api_key = "<API_KEY>"
4
5run_token = Evervault.create_run_token("hello-function", {
6  "name": "Claude Shannon",
7  "ssn": "ev:encrypted_string"
8})

Parameters

functionNameRequiredString
Name of the Function the Run Token is for.
payloadHash
Payload that the token can be used with. If not provided, a run token will be created, and the payload will not be validated when the function is executed.

When you create a Run Token, the SDK will return a JSON object containing your token.

1{
2  "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlciI6IjAuMCJ9.eyJhcHBVdWlkIjoiYXBwX2RmZGE3MmUwMTZiMCIsImZ1bmN0aW9uTmFtZSI6ImhlbGxvLWNhZ2UtdGFsbC13YWxscy10cmF2ZWwiLCJydW5JZCI6IjRiMjhmMzNlLWU3NjYtNDI2OC1iNmY2LTUyYzZkM2VmMGQzYyIsImV4cCI6MTY2Nzg3Njc2Nn0.gCiFw7UJ8gjZfeXNEaqX4H1Y9HBX9avjioZ4yDU8PTtmGT4QTzVOhnDV46v_yyXLxpO1BgzoBRpYbLciiW1_QXSLmx6cCuJy4vHUZwssHT13vB7AXIl_88Ab5R7w9vpOQIDoCjhPVWJsolwUiiGh_5yE4wGv6WPTIfSv249_hpJLMz3AAffXUckiLPxFporY73KXtTANQH_zniivB91KdBnyGhle7gTs1EXWLqpdMIrqOz9cmoXU31DGd-AgeMzM082s_XtdCFq7FNLLtg6Nx8Mx8Bjl0cKV41R-jbTpHSXxutLX-PSDmWn5wSqDhlQoEWdTLsoS6xp7qhZ2urYyYg"
3}

Run Tokens can then be used to authenticate Function runs from the client-side.

1fetch("https://api.evervault.com/functions/[function-name]/runs", {
2  method: "POST",
3  headers: {
4    "Content-Type": "application/json",
5    Authorization: `RunToken [run-token]`,
6  },
7  body: JSON.stringify({
8    payload: {
9      ssn: "encrypted_string",
10    },
11  }),
12});

enable_outbound_relay

This should only be used when you need to configure third party SDKs with Relay. All other use cases should call Relay with a HTTP Client.

Configures your application to proxy HTTP requests using Relay based on the configuration created in the Evervault dashboard.

1Evervault.enable_outbound_relay()

Parameters

decryption_domainsString[]
Requests sent to any of the domains listed will be proxied through Relay. This will override the configuration created using the Evervault dashboard.

Ruby

Parameters

Parameters

PCI Compliance

Parameters

Parameters

Parameters

Parameters

On this page