Class: EcsDeployer::Util::Cipher

Inherits:

Object

• Object
• EcsDeployer::Util::Cipher

Defined in:

lib/ecs_deployer/util/cipher.rb

Constant Summary

ENCRYPT_VARIABLE_PATTERN =

/^\${(.+)}$/.freeze

Instance Method Summary

• #decrypt(value) ⇒ String
• #encrypt(master_key, value) ⇒ String
• #encrypt_value?(value) ⇒ Bool
• #initialize(aws_options = {}) ⇒ EcsDeployer::Util::Cipher constructor

Constructor Details

#initialize(aws_options = {}) ⇒ EcsDeployer::Util::Cipher

Parameters:

• aws_options (Hash) (defaults to: {})

# File 'lib/ecs_deployer/util/cipher.rb', line 10

def initialize(aws_options = {})
  @kms = Aws::KMS::Client.new(aws_options)
end

Instance Method Details

#decrypt(value) ⇒ String

Parameters:

• value (String)

Returns:

• (String)

Raises:

• (KmsDecryptError)

# File 'lib/ecs_deployer/util/cipher.rb', line 26

def decrypt(value)
  match = value.match(ENCRYPT_VARIABLE_PATTERN)
  raise KmsDecryptError, 'Encrypted string is invalid.' unless match

  begin
    @kms.decrypt(ciphertext_blob: Base64.strict_decode64(match[1])).plaintext
  rescue => e
    raise KmsDecryptError, e.to_s
  end
end

#encrypt(master_key, value) ⇒ String

Parameters:

• mater_key (String)
• value (String)

Returns:

• (String)

# File 'lib/ecs_deployer/util/cipher.rb', line 17

def encrypt(master_key, value)
  encode = @kms.encrypt(key_id: "alias/#{master_key}", plaintext: value)
  "${#{Base64.strict_encode64(encode.ciphertext_blob)}}"
rescue => e
  raise KmsEncryptError, e.to_s
end

#encrypt_value?(value) ⇒ Bool

Parameters:

• value (String)

Returns:

• (Bool)

# File 'lib/ecs_deployer/util/cipher.rb', line 39

def encrypt_value?(value)
  value.to_s.match(ENCRYPT_VARIABLE_PATTERN) ? true : false
end