Class: Hiera::Backend::Eyaml::Encryptors::Kms

Inherits:
Encryptor
  • Object
show all
Defined in:
lib/hiera/backend/eyaml/encryptors/kms.rb

Constant Summary collapse

VERSION = 
"0.2"

Class Method Summary collapse

Class Method Details

.decrypt(ciphertext) ⇒ Object 



48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
 
# File 'lib/hiera/backend/eyaml/encryptors/kms.rb', line 48

def self.decrypt ciphertext
  aws_profile = self.option :aws_profile
  aws_region = self.option :aws_region

  @kms = ::Aws::KMS::Client.new(
    profile: aws_profile,
    region: aws_region,
  )

  resp = @kms.decrypt({
    ciphertext_blob: ciphertext
  })

  resp.plaintext
end

.encrypt(plaintext) ⇒ Object

Raises:

  • (StandardError) 


29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
# File 'lib/hiera/backend/eyaml/encryptors/kms.rb', line 29

def self.encrypt plaintext
  aws_profile = self.option :aws_profile
  aws_region = self.option :aws_region
  key_id = self.option :key_id
  raise StandardError, "key_id is not defined" unless key_id

  @kms = ::Aws::KMS::Client.new(
    profile: aws_profile,
    region: aws_region,
  )

  resp = @kms.encrypt({
    key_id: key_id,
    plaintext: plaintext
  })

  resp.ciphertext_blob
end