Class: Keystore

Inherits:
Object
  • Object
show all
Defined in:
lib/keystore.rb

Overview

rubocop:disable Metrics/AbcSize

Instance Method Summary collapse

Constructor Details

#initialize(params = {}) ⇒ Keystore

Returns a new instance of Keystore.


7
8
9
10
11
12
# File 'lib/keystore.rb', line 7

def initialize(params = {})
  @options = params
  raise 'need to specify dynamo parameter' if @options[:dynamo].nil?
  raise 'need to specify table_name parameter' if @options[:table_name].nil?
  raise 'need to specify kms parameter' if @options[:kms].nil?
end

Instance Method Details

#retrieve(params) ⇒ Object

Raises:


29
30
31
32
33
34
35
36
37
38
# File 'lib/keystore.rb', line 29

def retrieve(params)
  item = @options[:dynamo].get_item(table_name: @options[:table_name], key: { ParameterName: params[:key] }).item
  raise KeyNotFoundError.new, "keyname #{params[:key]} not found" if item.nil?
  raise KeyNotFoundError.new, "keyname #{params[:key]} not found" if item['Value'].nil?

  encoded_value = item['Value']
  encrypted_value = Base64.decode64(encoded_value)
  result = @options[:kms].decrypt(ciphertext_blob: encrypted_value).plaintext
  result.strip
end

#store(params) ⇒ Object


14
15
16
17
18
19
20
21
22
23
24
25
26
27
# File 'lib/keystore.rb', line 14

def store(params)
  # only need key id to encrypt, so check for it here
  raise 'need to specify key_id or key_alias parameter' if @options[:key_id].nil? && @options[:key_alias].nil?

  key_id = @options[:key_id] || get_kms_keyid(@options[:key_alias])

  value_to_encrypt = params[:value].nil? || params[:value].empty? ? ' ' : params[:value]
  encrypted_value = @options[:kms].encrypt(key_id: key_id, plaintext: value_to_encrypt).ciphertext_blob
  encoded_value = Base64.encode64(encrypted_value)
  @options[:dynamo].put_item(
    table_name: @options[:table_name],
    item: { ParameterName: params[:key], Value: encoded_value }
  )
end