Class: Enveloperb::AWSKMS

Inherits:
Object
  • Object
show all
Defined in:
lib/enveloperb/awskms.rb

Overview

An Enveloperb cryptography engine using AWS KMS as a wrapping key provider.

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.new(keyid, aws_access_key_id: nil, aws_secret_access_key: nil, aws_session_token: nil, aws_region: nil) ⇒ Object 



5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 
# File 'lib/enveloperb/awskms.rb', line 5

def self.new(keyid, aws_access_key_id: nil, aws_secret_access_key: nil, aws_session_token: nil, aws_region: nil)
  unless keyid.is_a?(String) && keyid.encoding == Encoding::find("UTF-8") && keyid.valid_encoding?
    raise ArgumentError, "Key ID must be a valid UTF-8 string"
  end

  unless aws_access_key_id.nil? && aws_secret_access_key.nil? && aws_session_token.nil? && aws_region.nil?
    validate_string(aws_access_key_id, :aws_access_key_id)
    validate_string(aws_secret_access_key, :aws_secret_access_key)
    validate_string(aws_region, :aws_region)
    validate_string(aws_session_token, :aws_session_token, allow_nil: true)
  end

  _new(
    keyid,
    {
      access_key_id: aws_access_key_id,
      secret_access_key: aws_secret_access_key,
      session_token: aws_session_token,
      region: aws_region,
    }
  )
end

Instance Method Details

#decrypt(er) ⇒ Object 



36
37
38
39
40
41
42
 
# File 'lib/enveloperb/awskms.rb', line 36

def decrypt(er)
  unless er.is_a?(EncryptedRecord)
    raise ArgumentError, "Can only decrypt EncryptedRecord objects; you can make one from a string with EncryptedRecord.new"
  end

  _decrypt(er)
end

#encrypt(s) ⇒ Object 



28
29
30
31
32
33
34
 
# File 'lib/enveloperb/awskms.rb', line 28

def encrypt(s)
  unless s.is_a?(String)
    raise ArgumentError, "Can only encrypt strings"
  end

  _encrypt(s)
end