Class: KmsTools::Base

Inherits:
Object
  • Object
Defined in:
lib/kms-tools/base.rb

Overview

Helper class for Aws::KMS::Client.

Direct Known Subclasses

Decrypter, Encrypter

Constant Summary

DEFAULT_REGION =

Default region if nothing is provided because we all use N. Virginia, don’t we?

'us-east-1'

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(options = {}) ⇒ Base

Instantiates an Aws::KMS::Client object with the provided options.

Parameters:

  • options (Hash) (defaults to: {})

Options Hash (options):

  • :master_key (String)

    Customer Master Key to use when instantiating the object. This can be a full key ID, an alias, or an ARN

  • :region (String)

    Set the region for Aws::KMS::Client to use. Defaults to DEFAULT_REGION

  • :profile (String)

    Use the specified profile from an AWS credentials file



# File 'lib/kms-tools/base.rb', line 22

def initialize(options = {})
  @master_key = options[:master_key] || Config.master_key
  @region = options[:region] || Config.region
  @profile = options[:profile] || Config.profile

  @kms = Aws::KMS::Client.new({
      :region => region,
      :profile => @profile,
      })
end

Instance Attribute Details

#kms ⇒ Object (readonly)

Instantiated Aws::KMS::Client object



# File 'lib/kms-tools/base.rb', line 12

def kms
  @kms
end

#master_key ⇒ Object

Customer master key used for any encryption operations



# File 'lib/kms-tools/base.rb', line 9

def master_key
  @master_key
end

Instance Method Details

#available_aliases ⇒ Array

Lists all master key aliases available to the current client (ignores built-in AWS keys that should not be used by user code).

Returns:

  • (Array)


# File 'lib/kms-tools/base.rb', line 35

def available_aliases
  aliases = kms.list_aliases.aliases.delete_if { |a| a.alias_name.include? "alias/aws/"}
  aliases.map{ |a| a.alias_name }
end

#from_64(blob) ⇒ String

Short function to decode a blob from Base64

Returns:

  • (String)

    blob



# File 'lib/kms-tools/base.rb', line 83

def from_64(blob)
  Base64.decode64(blob)
end

#master_key_arn ⇒ String

Key ARN of the currently selected master key

Returns:

  • (String)

    key ARN



# File 'lib/kms-tools/base.rb', line 42

def master_key_arn
  master_key ? kms.describe_key({:key_id => master_key}).key_metadata.arn : nil
end

#master_key_id ⇒ String

Returns the key ID of the currently selected master key

Returns:

  • (String)

    key id



# File 'lib/kms-tools/base.rb', line 48

def master_key_id
  master_key ? kms.describe_key({:key_id => master_key}).key_metadata.key_id : nil
end

#region ⇒ String

Current client region

Returns:

  • (String)


# File 'lib/kms-tools/base.rb', line 65

def region
  @region ||= DEFAULT_REGION
end

#to_64(blob) ⇒ String

Short function to encode a blob to Base64

Returns:

  • (String)

    Base64 encoded string



# File 'lib/kms-tools/base.rb', line 71

def to_64(blob)
  Base64.encode64(blob)
end

#to_s64(blob) ⇒ String

Short function to strict encode a blob to Base64

Returns:

  • (String)

    Base64 encoded string without linebreaks



# File 'lib/kms-tools/base.rb', line 77

def to_s64(blob)
  Base64.strict_encode64(blob)
end

#use_key_alias=(key_alias) ⇒ String

Sets the current master key using a key alias. Verifies that the provided key is available prior to setting.

Parameters:

  • key_alias (String)

    Key alias to use, must be available with current credentials/role

Returns:

  • (String)


# File 'lib/kms-tools/base.rb', line 55

def use_key_alias=(key_alias)
  if available_aliases.include? key_alias
    @master_key = key_alias
  else
    raise "Requested key alias not available with current credentials!"
  end
end
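
An added example (not kms-tools code) for #available_aliases and #use_key_alias=: ListAliases responses are paginated, so this version follows truncated/next_marker across every page and filters AWS-managed aliases by prefix rather than by substring. FakeKms, user_aliases, resolve_alias and the sample alias names are constructed for illustration so the block runs without AWS credentials.

```ruby
# Added example, not kms-tools code. FakeKms is a constructed stand-in for
# Aws::KMS::Client#list_aliases so the block runs offline.
AliasEntry = Struct.new(:alias_name)
AliasPage  = Struct.new(:aliases, :truncated, :next_marker)

class FakeKms
  def initialize(names, page_size)
    @names = names
    @page_size = page_size
  end

  # Mimics the ListAliases response shape: aliases, truncated, next_marker.
  def list_aliases(params = {})
    start = (params[:marker] || 0).to_i
    slice = @names[start, @page_size] || []
    nxt = start + slice.size
    more = nxt < @names.size
    AliasPage.new(slice.map { |n| AliasEntry.new(n) }, more, more ? nxt.to_s : nil)
  end
end

AWS_MANAGED_PREFIX = 'alias/aws/'

# Hypothetical helper: collect every user-defined alias across all pages.
def user_aliases(kms)
  names = []
  marker = nil
  loop do
    page = kms.list_aliases(marker ? { marker: marker } : {})
    page.aliases.each do |a|
      # Prefix match: only names that begin with alias/aws/ are AWS managed.
      names << a.alias_name unless a.alias_name.start_with?(AWS_MANAGED_PREFIX)
    end
    break unless page.truncated
    marker = page.next_marker
  end
  names
end

# Hypothetical helper mirroring use_key_alias=: returns the alias or raises.
def resolve_alias(kms, key_alias)
  return key_alias if user_aliases(kms).include?(key_alias)
  raise ArgumentError, 'Requested key alias not available with current credentials!'
end

# Constructed sample: four aliases, served two per page by FakeKms.
SAMPLE = ['alias/aws/s3', 'alias/app/db', 'alias/team/alias/aws/legacy', 'alias/app/queue'].freeze
```

With a page size of 2, reading only the first response would miss `alias/app/queue`, and a substring filter would drop `alias/team/alias/aws/legacy`.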