Class: Teak::AttrEncrypted::KEKProvider::AwsKMS

Inherits:

Base

• Object
• Base
• Teak::AttrEncrypted::KEKProvider::AwsKMS

Defined in:

lib/teak/attr_encrypted/kek_provider/aws_kms.rb

Constant Summary

KEY_SPEC =

'AES_256'

Instance Attribute Summary

Attributes inherited from Base

#id

Instance Method Summary

• #decrypt_data_key(key, encryption_context) ⇒ Object
• #initialize(key_id, client: nil) ⇒ AwsKMS constructor

  A new instance of AwsKMS.

• #request_data_key(encryption_context) ⇒ Object

Constructor Details

#initialize(key_id, client: nil) ⇒ AwsKMS

Returns a new instance of AwsKMS.

# File 'lib/teak/attr_encrypted/kek_provider/aws_kms.rb', line 13

def initialize(key_id, client: nil)
  @key_id = key_id
  @kms_client = client || Aws::KMS::Client.new

  super(@kms_client.describe_key(key_id: key_id).key_metadata.arn)
end

Instance Method Details

#decrypt_data_key(key, encryption_context) ⇒ Object

# File 'lib/teak/attr_encrypted/kek_provider/aws_kms.rb', line 31

def decrypt_data_key(key, encryption_context)
  parameters = {
    ciphertext_blob: key
  }
  if encryption_context
    parameters[:encryption_context] = encryption_context
  end
  @kms_client.decrypt(parameters)
end

#request_data_key(encryption_context) ⇒ Object

# File 'lib/teak/attr_encrypted/kek_provider/aws_kms.rb', line 20

def request_data_key(encryption_context)
  parameters = {
    key_id: @key_id,
    key_spec: KEY_SPEC
  }
  if encryption_context
    parameters[:encryption_context] = encryption_context
  end
  @kms_client.generate_data_key(parameters)
end