Class: Moonshot::Plugins::EncryptedParameters::ParameterEncrypter

Inherits:

Object

• Object
• Moonshot::Plugins::EncryptedParameters::ParameterEncrypter

Defined in:

lib/plugins/encrypted_parameters/parameter_encrypter.rb

Overview

Class that can encrypt and decrypt parameters using KMS.

Instance Method Summary

• #encrypt(param_value) ⇒ String

  Encrypt and base64 encode the parameter value.

• #initialize(key_arn) ⇒ ParameterEncrypter constructor

  A new instance of ParameterEncrypter.

Constructor Details

#initialize(key_arn) ⇒ ParameterEncrypter

Returns a new instance of ParameterEncrypter.

Parameters:

• key_arn (String) —

  The ARN for the KMS key.

# File 'lib/plugins/encrypted_parameters/parameter_encrypter.rb', line 10

def initialize(key_arn)
  @kms_client = Aws::KMS::Client.new
  @key_arn = key_arn
end

Instance Method Details

#encrypt(param_value) ⇒ String

Encrypt and base64 encode the parameter value.

Parameters:

• param_value (String) —

  The parameter to encrypt.

Returns:

• (String) —

  base64 encoded encrypted ciphertext.

# File 'lib/plugins/encrypted_parameters/parameter_encrypter.rb', line 19

def encrypt(param_value)
  resp = @kms_client.encrypt(key_id: @key_arn, plaintext: param_value)

  # Use strict here to avoid newlines which cause issues with parameters.
  Base64.strict_encode64(resp.ciphertext_blob)
end