Class: Hydan::Crypto::KMS::EncryptionHelper

Inherits:
Object
  • Object
Includes:
Hydan::Crypto
Defined in:
lib/hydan/crypto/kms/encrypt.rb

Constant Summary

Constants included from Hydan::Crypto

DEFAULT_CIPHER

Instance Method Summary

Constructor Details

#initialize ⇒ EncryptionHelper

Initializes the EncryptionHelper object with an Aws::KMS::Client.



# File 'lib/hydan/crypto/kms/encrypt.rb', line 12

# Creates the helper and stores a newly constructed Aws::KMS::Client in @kms.
#
# The client is built with no arguments, so nothing about region or
# credentials is decided in this method.
def initialize
  client = Aws::KMS::Client.new
  @kms = client
end

Instance Method Details

#encrypt(plaintext, kms_key_id, &block) ⇒ Object

Returns a JSON string containing the ciphertext (Base64 encoded) and the encrypted data key used to encrypt it



# File 'lib/hydan/crypto/kms/encrypt.rb', line 29

# Envelope-encrypts +plaintext+ under a fresh AES_256 data key requested
# from KMS and returns both the result and the KMS-encrypted key as JSON.
#
# When a block is given it is called with +plaintext+ before KMS is
# contacted, and its result is what gets encrypted. A nil or false block
# result falls back to the untouched +plaintext+.
#
# @param plaintext [String] value to encrypt
# @param kms_key_id [String] passed as +key_id+ to generate_data_key
# @return [String] pretty-printed JSON with two keys: 'ciphertext' (the
#   parsed output of Gibberish::AES#encrypt) and 'data_key' (the KMS
#   ciphertext blob, strict Base64)
#
# NOTE(review): generate_data_key is called with key_id and key_spec only,
# so no encryption_context binds the data key to a purpose. Confirm whether
# that is intended.
# NOTE(review): the plaintext data key is passed straight to
# Gibberish::AES.new. How Gibberish turns it into a cipher key is not
# visible here. Only the encrypted blob is written to the output.
def encrypt(plaintext, kms_key_id, &block)
  transformed = block&.call(plaintext)
  data_key = @kms.generate_data_key(key_id: kms_key_id, key_spec: 'AES_256')
  sealed = Gibberish::AES.new(data_key[:plaintext]).encrypt(transformed || plaintext)
  envelope = {
    'ciphertext' => JSON.parse(sealed),
    'data_key' => Base64.strict_encode64(data_key[:ciphertext_blob])
  }
  JSON.pretty_generate(envelope)
end

#encrypt_env_file(plaintext, kms_key_id) ⇒ Object



# File 'lib/hydan/crypto/kms/encrypt.rb', line 43

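# Encrypts the value of every KEY=VALUE line in +plaintext+.
#
# Each line is matched against Hydan::IO::ENV_LINE_REGEX. The second capture
# is passed to #encrypt and the resulting JSON is re-serialised compactly,
# so every output entry stays on a single line as "KEY=<json>".
#
# A line the regex does not match now raises an ArgumentError that names the
# line number. Before, it failed with NoMethodError on nil. The message
# leaves out the line's content on purpose, because the line may hold a
# secret.
#
# NOTE(review): #encrypt is called once per line, so each value gets its own
# data key request.
#
# @param plaintext [String] env-file content, one entry per line
# @param kms_key_id [String] forwarded to #encrypt
# @return [Array<String>] one "KEY=<json>" string per input line
# @raise [ArgumentError] if a line does not match ENV_LINE_REGEX
def encrypt_env_file(plaintext, kms_key_id)
  plaintext.each_line.with_index(1).map do |line, line_no|
    match = line.match(Hydan::IO::ENV_LINE_REGEX)
    raise ArgumentError, "line #{line_no} is not a KEY=VALUE entry" unless match

    key, value = match.captures
    encrypted = JSON.generate(JSON.parse(encrypt(value, kms_key_id)))
    "#{key}=#{encrypted}"
  end
end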

#get_kms_key_id(kms_key_alias) ⇒ Object

TODO: Should this be private? Returns the KMS key ID for a given alias



# File 'lib/hydan/crypto/kms/encrypt.rb', line 18

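# Looks up the KMS key ID that +kms_key_alias+ points to.
#
# The alias is compared for exact equality with each entry's alias_name.
# KMS reports alias names with the "alias/" prefix, so pass the full name.
#
# An unknown alias now raises an ArgumentError naming the alias. Before, it
# failed with NoMethodError on nil.
#
# NOTE(review): only the aliases carried by a single list_aliases response
# are searched. If the account holds more aliases than one response returns,
# later ones are never seen. Confirm whether paging is needed.
#
# @param kms_key_alias [String] alias name to resolve
# @return [String, nil] the alias's target_key_id, or nil when @kms is nil
# @raise [ArgumentError] if no listed alias has that name
def get_kms_key_id(kms_key_alias)
  return if @kms.nil?

  kms_key = @kms.list_aliases.aliases.find { |a| a.alias_name == kms_key_alias }
  raise ArgumentError, "no KMS alias named #{kms_key_alias.inspect}" if kms_key.nil?

  kms_key.target_key_id
end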