⚡ Shield sensitive data in Postgres and MySQL
Great for business intelligence tools like Blazer
Hypershield creates shielded views (in the hypershield schema by default) that hide sensitive tables and columns. The advantage of this approach over column-level privileges is you can use SELECT *.
By default, it hides columns with:
encryptedpasswordtokensecret
Give database users access to these views instead of the original tables.
Create a new schema in your database
CREATE SCHEMA hypershield;Grant privileges
GRANT USAGE ON SCHEMA hypershield TO myuser;
-- replace migrations with the user who manages your schema
ALTER DEFAULT PRIVILEGES FOR ROLE migrations IN SCHEMA hypershield
GRANT SELECT ON TABLES TO myuser;
-- keep public in search path for functions
ALTER ROLE myuser SET search_path TO hypershield, public;And connect as the user and make sure there’s no access the original tables
SELECT * FROM public.users LIMIT 1;Create a new schema in your database
CREATE SCHEMA hypershield;Grant privileges
GRANT SELECT, SHOW VIEW ON hypershield.* TO myuser;
FLUSH PRIVILEGES;And connect as the user and make sure there’s no access the original tables
SELECT * FROM mydb.users LIMIT 1;Add this line to your application’s Gemfile:
gem 'hypershield', group: :productionRefresh the schema
rake hypershield:refreshAnd query away on your shielded views
SELECT * FROM users LIMIT 1;When you run database migrations, the schema is automatically refreshed.
Specify the schema to use and columns to show and hide
Hypershield.schemas = {
hypershield: {
hide: %w(encrypted password token secret),
show: %w(ahoy_visits.visit_token)
}
}- Create CLI
View the changelog
Everyone is encouraged to help improve this project. Here are a few ways you can help:
- Report bugs
- Fix bugs and submit pull requests
- Write, clarify, or fix documentation
- Suggest or add new features