Class: KmsEncrypted::Clients::Google

Inherits:

Base

• Object
• Base
• KmsEncrypted::Clients::Google

Defined in:

lib/kms_encrypted/clients/google.rb

Instance Attribute Summary

• #last_key_version ⇒ Object readonly

  Returns the value of attribute last_key_version.

Attributes inherited from Base

#key_id

Instance Method Summary

• #decrypt(ciphertext, context: nil) ⇒ Object
• #encrypt(plaintext, context: nil) ⇒ Object

Methods inherited from Base

#initialize

Constructor Details

This class inherits a constructor from KmsEncrypted::Clients::Base

Instance Attribute Details

#last_key_version ⇒ Object (readonly)

Returns the value of attribute last_key_version.

# File 'lib/kms_encrypted/clients/google.rb', line 4

def last_key_version
  @last_key_version
end

Instance Method Details

#decrypt(ciphertext, context: nil) ⇒ Object

# File 'lib/kms_encrypted/clients/google.rb', line 22

def decrypt(ciphertext, context: nil)
  options = {
    ciphertext: ciphertext
  }
  options[:additional_authenticated_data] = generate_context(context) if context

  # ensure namespace gets loaded
  client = KmsEncrypted.google_client
  request = ::Google::Apis::CloudkmsV1::DecryptRequest.new(**options)
  begin
    client.decrypt_crypto_key(key_id, request).plaintext
  rescue ::Google::Apis::ClientError => e
    decryption_failed! if e.message.include?("Decryption failed")
    raise e
  end
end

#encrypt(plaintext, context: nil) ⇒ Object

# File 'lib/kms_encrypted/clients/google.rb', line 6

def encrypt(plaintext, context: nil)
  options = {
    plaintext: plaintext
  }
  options[:additional_authenticated_data] = generate_context(context) if context

  # ensure namespace gets loaded
  client = KmsEncrypted.google_client
  request = ::Google::Apis::CloudkmsV1::EncryptRequest.new(**options)
  response = client.encrypt_crypto_key(key_id, request)

  @last_key_version = response.name

  response.ciphertext
end