Class: ActiveRecord::Encryption::KeyProvider
- Defined in: activerecord/lib/active_record/encryption/key_provider.rb
Overview
A KeyProvider serves keys:
- An encryption key
- A list of potential decryption keys. Serving multiple decryption keys supports rotation schemes where new keys are added but old keys need to continue working.
Direct Known Subclasses
Instance Method Summary
- #decryption_keys(encrypted_message) ⇒ Object
  Returns the list of decryption keys.
- #encryption_key ⇒ Object
  Returns the first key in the list as the active key to perform encryptions.
- #initialize(keys) ⇒ KeyProvider (constructor)
  A new instance of KeyProvider.
Constructor Details
#initialize(keys) ⇒ KeyProvider
Returns a new instance of KeyProvider.
# File 'activerecord/lib/active_record/encryption/key_provider.rb', line 11
def initialize(keys)
  @keys = Array(keys)
end
Instance Method Details
#decryption_keys(encrypted_message) ⇒ Object
Returns the list of decryption keys.
When the message holds a reference to its encryption key, it will return an array with that key. If not, it will return the list of keys.
# File 'activerecord/lib/active_record/encryption/key_provider.rb', line 32
def decryption_keys(encrypted_message)
  # A key reference in the message headers selects the matching key(s)
  if encrypted_message.headers.encrypted_data_key_id
    keys_grouped_by_id[encrypted_message.headers.encrypted_data_key_id]
  else
    @keys
  end
end
#encryption_key ⇒ Object
Returns the first key in the list as the active key to perform encryptions.
When ActiveRecord::Encryption.config.store_key_references is true, the key will include a public tag referencing the key itself. That key will be stored in the public headers of the encrypted message.
# File 'activerecord/lib/active_record/encryption/key_provider.rb', line 20
def encryption_key
  # Takes @keys.last and memoizes it; tags it with its own id when key references are stored
  @encryption_key ||= @keys.last.tap do |key|
    key.public_tags.encrypted_data_key_id = key.id if ActiveRecord::Encryption.config.store_key_references
  end

  @encryption_key
end
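The rotation behaviour described for #decryption_keys and #encryption_key, as an added stand-alone Ruby model (not Rails code and not from this page). `DemoKey`, `DemoKeyProvider`, `store_refs`, the hash-based message layout and the use of AES-256-GCM are assumptions of this sketch; it follows the code shown here in taking `@keys.last` as the active key.

```ruby
require "openssl"
# Hypothetical stand-in for a key: a public id plus a 32-byte secret.
DemoKey = Struct.new(:id, :secret)

# Stand-alone model; store_refs stands for config.store_key_references.
class DemoKeyProvider
  def initialize(keys, store_refs:)
    @keys = Array(keys)
    @store_refs = store_refs
  end

  # As in the code shown on this page, the active key is @keys.last.
  def encryption_key
    @keys.last
  end

  # A key reference in the headers narrows the candidates to that id
  # (group_by is this sketch's assumption for keys_grouped_by_id).
  def decryption_keys(headers)
    id = headers[:encrypted_data_key_id]
    id ? @keys.group_by(&:id).fetch(id, []) : @keys
  end

  def encrypt(plaintext)
    key = encryption_key
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = key.secret
    headers = { iv: cipher.random_iv }
    payload = cipher.update(plaintext) + cipher.final
    headers[:tag] = cipher.auth_tag
    headers[:encrypted_data_key_id] = key.id if @store_refs
    { headers: headers, payload: payload }
  end

  # Try each candidate; GCM authentication rejects a wrong key.
  def decrypt(message)
    headers = message[:headers]
    decryption_keys(headers).each do |key|
      cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
      cipher.key = key.secret
      cipher.iv = headers[:iv]
      cipher.auth_tag = headers[:tag]
      return cipher.update(message[:payload]) + cipher.final
    rescue OpenSSL::Cipher::CipherError
      next
    end
    raise ArgumentError, "no candidate key decrypts this message"
  end
end
```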