Module: KmsEncrypted

Defined in:
lib/kms_encrypted.rb,
lib/kms_encrypted/box.rb,
lib/kms_encrypted/model.rb,
lib/kms_encrypted/client.rb,
lib/kms_encrypted/version.rb,
lib/kms_encrypted/database.rb,
lib/kms_encrypted/clients/aws.rb,
lib/kms_encrypted/clients/base.rb,
lib/kms_encrypted/clients/test.rb,
lib/kms_encrypted/clients/vault.rb,
lib/kms_encrypted/clients/google.rb,
lib/kms_encrypted/log_subscriber.rb

Defined Under Namespace

Modules: Clients, Model

Classes: Box, Client, Database, DecryptionError, Error, LogSubscriber

Constant Summary

VERSION =
"1.2.4"

Class Attribute Summary

Class Method Summary

Class Attribute Details

.aws_client ⇒ Object



# File 'lib/kms_encrypted.rb', line 32

# Lazily builds the AWS KMS client and caches it for later calls.
#
# The client is configured to fail fast: a retry limit of 1 and
# two-second open/read timeouts bound how long a slow or unreachable
# KMS endpoint can hold up the caller.
#
# No credentials or region are passed here, so they are resolved by the
# SDK's own default configuration.
#
# @return [Aws::KMS::Client] the cached client
def aws_client
  return @aws_client if @aws_client

  fail_fast = { retry_limit: 1, http_open_timeout: 2, http_read_timeout: 2 }
  @aws_client = Aws::KMS::Client.new(**fail_fast)
end

.google_client ⇒ Object



# File 'lib/kms_encrypted.rb', line 40

# Lazily builds and caches the Google Cloud KMS service client.
#
# Authorization comes from Application Default Credentials, requested with
# the cloud-platform OAuth scope. HTTP request logging is switched off and
# the open/read timeouts are set to two seconds.
#
# NOTE(review): cloud-platform is a broad scope; a KMS-only scope
# (https://www.googleapis.com/auth/cloudkms) may be sufficient here --
# confirm before narrowing. Leaving log_http_requests off presumably also
# keeps encrypt/decrypt request bodies out of application logs; verify
# before enabling it for debugging.
#
# @return [Google::Apis::CloudkmsV1::CloudKMSService] the cached client
def google_client
  return @google_client if @google_client

  # Loaded on first use, so the Google API library is only needed by
  # callers that actually ask for this client.
  require "google/apis/cloudkms_v1"

  scope = "https://www.googleapis.com/auth/cloud-platform"
  service = ::Google::Apis::CloudkmsV1::CloudKMSService.new
  service.authorization = ::Google::Auth.get_application_default(scope)

  service.client_options.tap do |opts|
    opts.log_http_requests = false
    opts.open_timeout_sec = 2
    opts.read_timeout_sec = 2
  end

  @google_client = service
end

.key_id ⇒ Object



# File 'lib/kms_encrypted.rb', line 58

# Returns the default key id, falling back to the KMS_KEY_ID environment
# variable the first time it is needed.
#
# A value found in the environment is cached, so later changes to
# KMS_KEY_ID are not picked up. While the variable is unset the result is
# nil and nothing is cached, so callers should treat nil as "no key
# configured" rather than pass it on.
#
# @return [String, nil] the configured key id, or nil when none is set
def key_id
  return @key_id if @key_id

  @key_id = ENV.fetch("KMS_KEY_ID", nil)
end

.vault_client ⇒ Object



# File 'lib/kms_encrypted.rb', line 54

# Lazily builds and caches the Vault client.
#
# The client is constructed with no arguments, so its address and token
# presumably come from the Vault library's own defaults (environment or
# global configuration) -- confirm against the deployment.
#
# @return [Vault::Client] the cached client
def vault_client
  return @vault_client if @vault_client

  @vault_client = ::Vault::Client.new
end

Class Method Details

.context_hash(context, path:) ⇒ Object

The hash is independent of the key, but specific to the audit device.



# File 'lib/kms_encrypted.rb', line 63

# Asks Vault for the audit hash of an encryption context, so the context
# can be matched against entries written by an audit device.
#
# The context is serialized to JSON and Base64-encoded with
# Base64.encode64 (which adds line breaks) before being sent as the
# `input` of sys/audit-hash/<path>.
#
# NOTE(review): the encoding presumably has to match byte-for-byte what was
# sent to Vault when the data was encrypted, otherwise the hash will not
# line up with the audit log -- confirm before switching to
# strict_encode64. `path` is interpolated into the request path as-is, so
# it should come from trusted configuration, not from request input.
#
# @param context [#to_json] the encryption context to hash
# @param path [String] the audit device path whose hash is requested
# @return [Object] the :hash entry of Vault's response data
def context_hash(context, path:)
  encoded = Base64.encode64(context.to_json)
  response = vault_client.logical.write("sys/audit-hash/#{path}", input: encoded)
  response.data[:hash]
end