Today we’re excited to announce the release of the Multipass chrome extension, a password manager for teams!

Multipass was built with teams and sharing in mind. Multipass is not meant to be a personal password manager. Instead, we wanted to create an application in which teams and sharing are the primary focus.

We also didn’t want the responsibility of storing users data. Even though passwords and secrets are encrypted, the data must exist somewhere. The user is endowing a lot of trust where ever that data resides.

To achieve these two implementation goals, we decided to limit Multipass to G-Suite…

With Rails 5.2, we can now use the new expiry metadata feature to secure ActionCable connections!

Others have already touched on the existing limits with setting expiration dates for signed or encrypted for cookies and how Rails 5.2 enhances these APIs. Prior to 5.2, expiration time were just set with the client and the underlying the security layers, MessageEncryptor and MessageVerifier, did nothing to enforce the expiration. In some cases, it is important to enforce an expiration time for the cookie otherwise the cookie value will be considered “valid forever”.

In this post, we will refactor an existing controller and…

The upcoming release of Rails version 5.2, two new metadata fields for expiry and purpose information have been added to both the MessageEncryptor and MessageVerifier classes. These metadata features were developed and implemented as part of the Rails Google Summer of Code 2017 project. Both classes implement the same metadata API for encrypted and signed messages.

Purpose Metadata

First lets explore the :purpose metadata option. This option lets us specify a string or symbol that will be included within the message when encrypting or generating a signed message. …

With the release of Rails version 5.2, sessions and encrypted cookies are now protected with Authenticated Encryption via AES with GCM mode.

In general, Authenticated Encryption (AE) aims to provide both encryption and authentication into a single programming interface. Output from an AE cipher will contain both the resulting cipher text as well as authentication tag usually in the form of a Message Authentication Code (MAC). Authentication is needed when encrypting messages in order to avoid various attacks on the underlying encryption cipher.

Authenticated Encryption through the GCM cipher was first introduced in Rails 5.1 in PR 25874. This PR…

Have you ever wondered what the secret_key_base value is and how it’s used in a Rails application? This configuration value was introduced in Rails 4 and is usually defined on a per-environment basis. It’s purpose is simple: to be the secret input for the application’s key_generator method.

This method is accessible through Rails.application.key_generator. The method accepts no arguments and returns an ActiveSupport::CachingKeyGenerator instance. Keys are then derived using the generate_key method provided by the CachingKeyGenerator class. …

Michael J Coyne

CTO and Head of Product Development at Technical Advisor to start-ups.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store