Module: KmsEncrypted

Defined in:: lib/kms_encrypted.rb,
lib/kms_encrypted/box.rb,
lib/kms_encrypted/model.rb,
lib/kms_encrypted/client.rb,
lib/kms_encrypted/version.rb,
lib/kms_encrypted/database.rb,
lib/kms_encrypted/clients/aws.rb,
lib/kms_encrypted/clients/base.rb,
lib/kms_encrypted/clients/test.rb,
lib/kms_encrypted/clients/vault.rb,
lib/kms_encrypted/clients/google.rb,
lib/kms_encrypted/log_subscriber.rb

Defined Under Namespace

Modules: Clients, Model Classes: Box, Client, Database, DecryptionError, Error, LogSubscriber

Constant Summary collapse

VERSION =

"1.6.0"

Class Attribute Summary collapse

Class Method Summary collapse

.context_hash(context, path:) ⇒ Object

hash is independent of key, but specific to audit device.

Class Attribute Details

.aws_client ⇒ `Object`

# File 'lib/kms_encrypted.rb', line 32

def aws_client
  @aws_client ||= Aws::KMS::Client.new(
    retry_limit: 1,
    http_open_timeout: 2,
    http_read_timeout: 2
  )
end

.google_client ⇒ `Object`

# File 'lib/kms_encrypted.rb', line 40

def google_client
  @google_client ||= begin
    begin
      require "google/apis/cloudkms_v1"

      client = ::Google::Apis::CloudkmsV1::CloudKMSService.new
      client.authorization = ::Google::Auth.get_application_default(
        "https://www.googleapis.com/auth/cloud-platform"
      )
      client.client_options.log_http_requests = false
      client.client_options.open_timeout_sec = 2
      client.client_options.read_timeout_sec = 2
      client
    rescue LoadError
      require "google/cloud/kms"

      Google::Cloud::Kms.key_management_service do |config|
        config.timeout = 2
      end
    end
  end
end

.key_id ⇒ `Object`



67
68
69

# File 'lib/kms_encrypted.rb', line 67

def key_id
  @key_id ||= ENV["KMS_KEY_ID"]
end

.vault_client ⇒ `Object`



63
64
65

# File 'lib/kms_encrypted.rb', line 63

def vault_client
  @vault_client ||= ::Vault::Client.new
end

Class Method Details

.context_hash(context, path:) ⇒ `Object`

hash is independent of key, but specific to audit device

# File 'lib/kms_encrypted.rb', line 72

def context_hash(context, path:)
  context = Base64.encode64(context.to_json)
  vault_client.logical.write("sys/audit-hash/#{path}", input: context).data[:hash]
end

Module: KmsEncrypted

Defined Under Namespace

Constant Summary collapse

Class Attribute Summary collapse

Class Method Summary collapse

Class Attribute Details

.aws_client ⇒ Object

.google_client ⇒ Object

.key_id ⇒ Object

.vault_client ⇒ Object

Class Method Details

.context_hash(context, path:) ⇒ Object

.aws_client ⇒ `Object`

.google_client ⇒ `Object`

.key_id ⇒ `Object`

.vault_client ⇒ `Object`

.context_hash(context, path:) ⇒ `Object`