Class: KumoKi::KMS

Inherits:

Object

• Object
• KumoKi::KMS

Defined in:

lib/kumo_ki.rb

Instance Method Summary

• #client ⇒ Object
• #decrypt(cipher_text) ⇒ Object
• #encrypt_for(env_name, plain_text) ⇒ Object

Instance Method Details

#client ⇒ Object

# File 'lib/kumo_ki.rb', line 8

def client
  @client ||= Aws::KMS::Client.new(
    region: ENV['AWS_REGION'] || 'us-east-1',
  )
end

#decrypt(cipher_text) ⇒ Object

# File 'lib/kumo_ki.rb', line 14

def decrypt(cipher_text)
  client.decrypt({
    ciphertext_blob: Base64.decode64(cipher_text)
  }).plaintext
rescue Aws::Errors::MissingCredentialsError => e
  raise KumoKi::KumoKiError.new("No AWS credentials found.  Try setting AWS_SECRET_ACCESS_KEY and AWS_ACCESS_KEY_ID environment variables")
rescue => e
  raise KumoKi::DecryptionError.new("There was a problem decrypting your secrets: #{e.message}")
end

#encrypt_for(env_name, plain_text) ⇒ Object

# File 'lib/kumo_ki.rb', line 24

def encrypt_for(env_name, plain_text)
  Base64.encode64(client.encrypt({
    key_id:    key_for_environment(env_name),
    plaintext: plain_text,
  }).ciphertext_blob)
end