Class: ActiveKms::BaseKeyProvider

Inherits:

Object

Object
ActiveKms::BaseKeyProvider

show all

Defined in:: lib/active_kms/base_key_provider.rb

Direct Known Subclasses

AwsKeyProvider, GoogleCloudKeyProvider, TestKeyProvider, VaultKeyProvider

Instance Attribute Summary collapse

#client ⇒ Object readonly

Returns the value of attribute client.
#key_id ⇒ Object readonly

Returns the value of attribute key_id.

Instance Method Summary collapse

#decryption_keys(encrypted_message) ⇒ Object
#encryption_key ⇒ Object
#initialize(key_id:, client: nil) ⇒ BaseKeyProvider constructor

A new instance of BaseKeyProvider.

Constructor Details

#initialize(key_id:, client: nil) ⇒ `BaseKeyProvider`

Returns a new instance of BaseKeyProvider.

# File 'lib/active_kms/base_key_provider.rb', line 5

def initialize(key_id:, client: nil)
  @key_id = key_id
  @client = client || default_client
end

Instance Attribute Details

#client ⇒ `Object` (readonly)

Returns the value of attribute client.



3
4
5

# File 'lib/active_kms/base_key_provider.rb', line 3

def client
  @client
end

#key_id ⇒ `Object` (readonly)

Returns the value of attribute key_id.



3
4
5

# File 'lib/active_kms/base_key_provider.rb', line 3

def key_id
  @key_id
end

Instance Method Details

#decryption_keys(encrypted_message) ⇒ `Object`

# File 'lib/active_kms/base_key_provider.rb', line 23

def decryption_keys(encrypted_message)
  return [] if encrypted_message.headers.encrypted_data_key_id != key_id_header

  encrypted_data_key = encrypted_message.headers.encrypted_data_key
  # rescue errors to try previous keys
  # rescue outside Active Support notification for more intuitive output
  begin
    data_key =
      ActiveSupport::Notifications.instrument("decrypt.active_kms") do
        decrypt(key_id, encrypted_data_key)
      end
    [ActiveRecord::Encryption::Key.new(data_key)]
  rescue => e
    warn "[active_kms] #{e.class.name}: #{e.message}"
    []
  end
end

#encryption_key ⇒ `Object`

# File 'lib/active_kms/base_key_provider.rb', line 10

def encryption_key
  data_key = ActiveRecord::Encryption.key_generator.generate_random_key
  encrypted_data_key =
    ActiveSupport::Notifications.instrument("encrypt.active_kms") do
      encrypt(key_id, data_key)
    end

  key = ActiveRecord::Encryption::Key.new(data_key)
  key.public_tags.encrypted_data_key = encrypted_data_key
  key.public_tags.encrypted_data_key_id = key_id_header
  key
end

Class: ActiveKms::BaseKeyProvider

Direct Known Subclasses

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(key_id:, client: nil) ⇒ BaseKeyProvider

Instance Attribute Details

#client ⇒ Object (readonly)

#key_id ⇒ Object (readonly)

Instance Method Details

#decryption_keys(encrypted_message) ⇒ Object

#encryption_key ⇒ Object

#initialize(key_id:, client: nil) ⇒ `BaseKeyProvider`

#client ⇒ `Object` (readonly)

#key_id ⇒ `Object` (readonly)

#decryption_keys(encrypted_message) ⇒ `Object`

#encryption_key ⇒ `Object`