Class: AttrVault::Secret

Inherits:

Object

Object
AttrVault::Secret

Defined in:: lib/attr_vault/secret.rb

Overview

Internal: Encapsulates a secret key, a 32-byte sequence consisting

of an encryption and a signing key.

Instance Method Summary collapse

#encryption_key ⇒ Object

Internal: Returns the portion of the secret token used for encryption.
#initialize(secret) ⇒ Secret constructor

Internal - Initialize a Secret.
#signing_key ⇒ Object

Internal: Returns the portion of the secret token used for signing.

Constructor Details

#initialize(secret) ⇒ `Secret`

Internal - Initialize a Secret

secret - the secret, optionally encoded with either standard or

URL safe variants of Base64 encoding

Raises AttrVault::Secret::InvalidSecret if it cannot be decoded or is

not of the expected length

# File 'lib/attr_vault/secret.rb', line 16

def initialize(secret)
  if secret.bytesize == 32
    @secret = secret
  else
    begin
      @secret = Base64.urlsafe_decode64(secret)
    rescue ArgumentError
      @secret = Base64.decode64(secret)
    end
    unless @secret.bytesize == 32
      raise InvalidSecret,
        "Secret must be 32 bytes, instead got #{@secret.bytesize}"
    end
  end
end

Instance Method Details

#encryption_key ⇒ `Object`

Internal: Returns the portion of the secret token used for encryption



33
34
35

# File 'lib/attr_vault/secret.rb', line 33

def encryption_key
  @secret.slice(16, 16)
end

#signing_key ⇒ `Object`

Internal: Returns the portion of the secret token used for signing



38
39
40

# File 'lib/attr_vault/secret.rb', line 38

def signing_key
  @secret.slice(0, 16)
end