Class: Envault::Cryptor::Kms

Inherits:

Object

• Object
• Envault::Cryptor::Kms

Defined in:

lib/envault/cryptor/kms.rb

Instance Method Summary

• #decrypt(value) ⇒ Object
• #encrypt(value) ⇒ Object
• #initialize(profile) ⇒ Kms constructor

  A new instance of Kms.

Constructor Details

#initialize(profile) ⇒ Kms

Returns a new instance of Kms.

# File 'lib/envault/cryptor/kms.rb', line 4

def initialize(profile)
  require 'aws-sdk'
  options = {}
  options[:region] = profile[:region] if profile[:region]
  options[:access_key_id] = profile[:aws_access_key_id] if profile[:aws_access_key_id]
  options[:secret_access_key] = profile[:aws_secret_access_key] if profile[:aws_secret_access_key]
  @client = Aws::KMS::Client.new(options)
  @key_id = profile[:key_id]
end

Instance Method Details

#decrypt(value) ⇒ Object

# File 'lib/envault/cryptor/kms.rb', line 19

def decrypt(value)
  resp = @client.decrypt(ciphertext_blob: Base64.strict_decode64(value))
  resp.plaintext
end

#encrypt(value) ⇒ Object

# File 'lib/envault/cryptor/kms.rb', line 14

def encrypt(value)
  resp = @client.encrypt(key_id: @key_id, plaintext: value)
  Base64.strict_encode64(resp.ciphertext_blob)
end