Class: EcsDeployer::Util::Cipher
- Inherits:
-
Object
- Object
- EcsDeployer::Util::Cipher
- Defined in:
- lib/ecs_deployer/util/cipher.rb
Constant Summary collapse
- ENCRYPT_VARIABLE_PATTERN =
/^\${(.+)}$/.freeze
Instance Method Summary collapse
- #decrypt(value) ⇒ String
- #encrypt(master_key, value) ⇒ String
- #encrypt_value?(value) ⇒ Bool
- #initialize(aws_options = {}) ⇒ EcsDeployer::Util::Cipher constructor
Constructor Details
#initialize(aws_options = {}) ⇒ EcsDeployer::Util::Cipher
10 11 12 |
# File 'lib/ecs_deployer/util/cipher.rb', line 10 def initialize( = {}) @kms = Aws::KMS::Client.new() end |
Instance Method Details
#decrypt(value) ⇒ String
26 27 28 29 30 31 32 33 34 35 |
# File 'lib/ecs_deployer/util/cipher.rb', line 26 def decrypt(value) match = value.match(ENCRYPT_VARIABLE_PATTERN) raise KmsDecryptError, 'Encrypted string is invalid.' unless match begin @kms.decrypt(ciphertext_blob: Base64.strict_decode64(match[1])).plaintext rescue => e raise KmsDecryptError, e.to_s end end |
#encrypt(master_key, value) ⇒ String
17 18 19 20 21 22 |
# File 'lib/ecs_deployer/util/cipher.rb', line 17 def encrypt(master_key, value) encode = @kms.encrypt(key_id: "alias/#{master_key}", plaintext: value) "${#{Base64.strict_encode64(encode.ciphertext_blob)}}" rescue => e raise KmsEncryptError, e.to_s end |
#encrypt_value?(value) ⇒ Bool
39 40 41 |
# File 'lib/ecs_deployer/util/cipher.rb', line 39 def encrypt_value?(value) value.to_s.match(ENCRYPT_VARIABLE_PATTERN) ? true : false end |