Class: Hiera::Backend::Eyaml::Encryptors::Gkms
- Inherits:
-
Encryptor
- Object
- Encryptor
- Hiera::Backend::Eyaml::Encryptors::Gkms
- Defined in:
- lib/hiera/backend/eyaml/encryptors/gkms.rb
Overview
Google KMS plugin for hiera-eyaml
Constant Summary collapse
- VERSION =
::Hiera::Backend::Eyaml::Encryptors::GkmsVersion::VERSION
Class Method Summary collapse
Class Method Details
.decrypt(ciphertext) ⇒ Object
90 91 92 |
# File 'lib/hiera/backend/eyaml/encryptors/gkms.rb', line 90 def self.decrypt(ciphertext) kms_client.decrypt(name: key_path, ciphertext: ciphertext).plaintext end |
.encrypt(plaintext) ⇒ Object
86 87 88 |
# File 'lib/hiera/backend/eyaml/encryptors/gkms.rb', line 86 def self.encrypt(plaintext) kms_client.encrypt(name: key_path, plaintext: plaintext).ciphertext end |
.key_path ⇒ Object
70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 |
# File 'lib/hiera/backend/eyaml/encryptors/gkms.rb', line 70 def self.key_path project = option :project location = option :location key_ring = option :keyring crypto_key = option :crypto_key raise StandardError, 'gkms_project is not defined' unless project raise StandardError, 'gkms_keyring is not defined' unless key_ring raise StandardError, 'gkms_crypto_key is not defined' unless crypto_key kms_client.crypto_key_path project: project, location: location, key_ring: key_ring, crypto_key: crypto_key end |
.kms_client ⇒ Object
52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 |
# File 'lib/hiera/backend/eyaml/encryptors/gkms.rb', line 52 def self.kms_client auth_type = option :auth_type if auth_type == 'serviceaccount' credentials = option :credentials raise StandardError, 'gkms_credentials is not defined' unless credentials Google::Cloud::Kms.configure do |config| config.credentials = credentials config.timeout = 10.0 end else ENV['GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS'] = '1' end ::Google::Cloud::Kms.key_management_service end |