Signed Params
A lightweight library for encoding/decoding Rails request parameters.
signed_params are protected against tampering and safe to share with the internet. Great for generating sharable links and/or mitigating web scrapers.
Battle-tested at Hansa. Developed at Primevise.
Installation
Add gem
Simply add the gem to your Gemfile by running the following command:
bundle add signed_params
Usage
The signed parameters can be accessed via params.signed. It mirrors the behavior of Rails' signed cookies.
Similarly, setting a signed parameter can be done with the params.sign method.
Example
class RecordsController < ApplicationController
  def index
    # Using `params.signed` will return `nil` if the parameter is tampered
    record_ids = params.signed[:record_ids]

    # Using `params.signed.fetch` will raise `ActionController::Parameters::InvalidSignature` if the parameter is tampered
    record_ids = params.signed.fetch(:record_ids)

    @records = Record.find(record_ids)
  end

  def new_public_link
    record_ids = Record.last(8).pluck(:id)
    redirect_to records_path(params.sign(record_ids:))
  end
end
Tip
You can use all sorts of datatypes when signing parameters. Strings, integers, arrays, objects - they all just work.
Caution
Avoid exposing sensitive data while using signed_params. Your application should still implement proper authentication and authorization.
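The following is an added example, not code from the gem or its authors. It illustrates the difference between tamper protection and secrecy that the caution above points at. It assumes a token shaped like a Base64 payload plus an HMAC-SHA256 tag; the gem's actual format is not described on this page, and `DEMO_SECRET`, `demo_sign`, `demo_verify` and `demo_read_without_key` are hypothetical names.

```ruby
require "openssl"
require "json"

# Constructed demo key; a real app would use a secret it keeps server-side.
DEMO_SECRET = "constructed-demo-secret"

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical helper: JSON-serialise, Base64-encode, append an HMAC-SHA256 tag.
def demo_sign(value, secret = DEMO_SECRET)
  payload = [JSON.generate(value)].pack("m0")
  tag = OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
  "#{payload}--#{tag}"
end

# Returns the value, or nil when the tag does not verify (payload was altered
# or the token was signed with a different key).
def demo_verify(token, secret = DEMO_SECRET)
  payload, _, tag = token.to_s.rpartition("--")
  return nil if payload.empty?
  expected = OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
  return nil unless secure_equal?(expected, tag)
  JSON.parse(payload.unpack1("m0"))
rescue ArgumentError, JSON::ParserError
  nil
end

# No key needed: the payload is only encoded, so any link holder can read it.
def demo_read_without_key(token)
  JSON.parse(token.to_s.rpartition("--").first.unpack1("m0"))
end

if __FILE__ == $PROGRAM_NAME
  token = demo_sign({ "record_ids" => [3, 5, 8] })
  p demo_verify(token)             # original value comes back
  altered = [JSON.generate({ "record_ids" => [1] })].pack("m0") +
            "--" + token.rpartition("--").last
  p demo_verify(altered)           # altered payload with the old tag is rejected
  p demo_read_without_key(token)   # contents are visible without the secret
end
```

In a scheme like this the signature stops a client from changing the record IDs but does not hide them, and anyone who obtains the link can use it, so access checks still belong in the controller.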
License
The gem is available as open source under the terms of the MIT License.