Reference

Ruby SDK

You can use our Ruby SDK to:

  • Encrypt data server-side
  • Invoke Functions
  • Decrypt data through Outbound Relay

Encrypting data with our backend SDKs instead of Inbound Relay may expose you to greater compliance burden because plaintext data touches your server before it is encrypted.

Instead you can:


Quickstart

Install SDK

Our Ruby SDK is distributed via RubyGems, and can be installed using the gem CLI or a Gemfile.

1
$ gem install evervault

Initialize SDK

The SDK needs to be initialized with an App's API Key. If you don't have one yet, you can get one by creating an App in the Evervault Dashboard.

1
require "evervault"
2
3
Evervault.api_key = "<API_KEY>"

Encrypt a string

Now that the SDK is initialized, we can encrypt a string.

1
encrypted = Evervault.encrypt("Hello, world!")

Full example

Pulling all of this together leaves us with the following working example. You can copy and paste the code below (using a sandbox API key), run it in your own environment and run the encryption and decryption for yourself.

1
require "evervault"
2
Evervault.api_key = "<API_KEY>"
3
4
encrypted = Evervault.encrypt("Hello, world!")
5
6
print encrypted
7
8
# Send the decrypted data to a third-party API
9
Evervault.enable_outbound_relay
10
uri = URI('https://example.com')
11
req = Net::HTTP::Post.new(uri.path, 'Content-Type' => 'application/json')
12
req.body = encrypted.to_json
13
http = Net::HTTP.new(uri.host, uri.port)
14
http.use_ssl = true
15
res = http.request(req)

Reference

Evervault.encrypt(data)

Encrypts data using Evervault Encryption. Evervault Strings can be used across all of our products. To encrypt data using the Ruby SDK, simply pass a String, Hash or Array into the encrypt() method.

The encrypted data can be stored in your database as normal and can be used with any of Evervault’s other services.

1
require "evervault"
2
Evervault.api_key = "<API_KEY>"
3
4
encrypted = Evervault.encrypt("Hello, world!")
5
6
puts encrypted
Parameters
dataRequiredString | Hash

The data to encrypt.


Evervault.run(function_name, data, options)

Lets you invoke an Evervault Function with a given payload.

1
require "evervault"
2
Evervault.api_key = "<API_KEY>"
3
4
result = Evervault.run(
5
"hello-function",
6
{
7
"name": "Claude Shannon",
8
"ssn": "ev:encrypted_string"
9
},
10
{
11
"async": false,
12
"version": nil
13
}
14
)
Parameters
function_nameRequiredString

Name of the function the Run Token is for.

payloadRequiredHash

Payload for the Function.

options

Additional options for running the Function.

options.asyncBoolean, Default: false

Run your Function in async mode. Asynchronous Function runs will be queued for processing and return a 200 OK response saying your run has been queued.

options.versionInteger, Default: None

Specify the version of your Function to run. By default, the latest version will be run.

Response

Function runs will return a JSON object containing a Function Run ID and the result from your Function in the following format:

1
{
2
"result": {
3
"message": "Hello from a Function! It seems you have 14 letters in your name",
4
"name": "ev:RFVC:TTLHY04oVJlBuvPx:A7MeNriTKFES0Djl9uKaPvHCAn9PjSfOHu7tswXFCHF9:jwYKE13o3iQlr6Dn/DRk80XpNOGb:$"
5
},
6
"runId": "09413338da56",
7
"appUuid": "app_dfda72e016b1"
8
}

Evervault.create_run_token(function_name, data)

Creates a single use, time bound token (5 minutes) for invoking an Evervault Function with a given payload.

Run Tokens can be used to invoke an Evervault Function client-side without providing a sensitive API Key.

1
require "evervault"
2
Evervault.api_key = "<API_KEY>"
3
4
run_token = Evervault.create_run_token(
5
"hello-function",
6
{
7
"name": "Claude Shannon",
8
"ssn": "ev:encrypted_string"
9
}
10
)
11
12
print run_token
Parameters
function_nameRequiredString

Name of the Function the Run Token is for.

dataHash

Payload that the token can be used with. If not provided, a run token will be created, and the payload will not be validated when the function is executed.

Response

When you create a Run Token, the SDK will return a JSON object containing your token.

1
{
2
"token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlciI6IjAuMCJ9.eyJhcHBVdWlkIjoiYXBwX2RmZGE3MmUwMTZiMCIsImZ1bmN0aW9uTmFtZSI6ImhlbGxvLWNhZ2UtdGFsbC13YWxscy10cmF2ZWwiLCJydW5JZCI6IjRiMjhmMzNlLWU3NjYtNDI2OC1iNmY2LTUyYzZkM2VmMGQzYyIsImV4cCI6MTY2Nzg3Njc2Nn0.gCiFw7UJ8gjZfeXNEaqX4H1Y9HBX9avjioZ4yDU8PTtmGT4QTzVOhnDV46v_yyXLxpO1BgzoBRpYbLciiW1_QXSLmx6cCuJy4vHUZwssHT13vB7AXIl_88Ab5R7w9vpOQIDoCjhPVWJsolwUiiGh_5yE4wGv6WPTIfSv249_hpJLMz3AAffXUckiLPxFporY73KXtTANQH_zniivB91KdBnyGhle7gTs1EXWLqpdMIrqOz9cmoXU31DGd-AgeMzM082s_XtdCFq7FNLLtg6Nx8Mx8Bjl0cKV41R-jbTpHSXxutLX-PSDmWn5wSqDhlQoEWdTLsoS6xp7qhZ2urYyYg"
3
}

Run Tokens can then be used to authenticate Function runs from the client-side.

bernstein:~$
curl -X POST https://run.evervault.com/hello-function \
-H 'Authorization: Bearer eyJ..Tg' \
-H 'Content-Type: application/json' \
--data '{"name": "Claude Shannon", "ssn": "ev:encrypted_string"}'

Evervault.enable_outbound_relay(options)

Configures your application to proxy HTTP requests using Outbound Relay based on the configuration created in the Evervault dashboard.

1
Evervault.enable_outbound_relay()
Parameters
decryption_domainsString[]

Requests sent to any of the domains listed will be proxied through Outbound Relay. This will override the configuration created using the Evervault dashboard.