Class: KmsEncrypted::Clients::Vault
- Inherits:
-
Base
- Object
- Base
- KmsEncrypted::Clients::Vault
- Defined in:
- lib/kms_encrypted/clients/vault.rb
Instance Attribute Summary
Attributes inherited from Base
#key_id
Instance Method Summary
Methods inherited from Base
#initialize
Instance Method Details
#decrypt(ciphertext, context: nil) ⇒ Object
# File 'lib/kms_encrypted/clients/vault.rb', line 18
# Decrypts +ciphertext+ through Vault's transit endpoint and returns the
# plaintext bytes.
#
# Vault errors whose message looks like a decryption or authentication failure
# are handed to +decryption_failed!+ (defined outside this excerpt); any other
# Vault error is re-raised unchanged.
#
# @param ciphertext [String] ciphertext sent to Vault as the +ciphertext+ field
# @param context [Object, nil] optional context; when truthy it is passed
#   through +generate_context+ (defined outside this excerpt) and sent as the
#   request's +context+ field
# @return [String] the Base64-decoded +plaintext+ field of the Vault response
# @raise [::Vault::HTTPClientError, ::Vault::HTTPServerError] when Vault fails
#   with a message that is not recognised as a decryption failure
def decrypt(ciphertext, context: nil)
  payload = { ciphertext: ciphertext }
  if context
    payload[:context] = generate_context(context)
  end

  reply =
    begin
      transit = KmsEncrypted.vault_client.logical
      # NOTE(review): String#sub removes the first "vault/" wherever it occurs,
      # not only a leading prefix - confirm key_id is validated before this point.
      key_name = key_id.sub("vault/", "")
      transit.write("transit/decrypt/#{key_name}", payload)
    rescue ::Vault::HTTPClientError => client_error
      # Classification relies on Vault's error wording; a message that matches
      # neither phrase falls through and is re-raised as the raw client error.
      text = client_error.message
      tampered = ["unable to decrypt", "message authentication failed"].any? do |phrase|
        text.include?(phrase)
      end
      decryption_failed! if tampered
      raise client_error
    rescue ::Vault::HTTPServerError => server_error
      # Only the authentication-failure wording is treated as a decryption
      # failure on the 5xx path; everything else stays a server error.
      decryption_failed! if server_error.message.include?("message authentication failed")
      raise server_error
    rescue Encoding::UndefinedConversionError
      # Raised before a usable response exists; reported as a decryption failure.
      decryption_failed!
    end

  # NOTE(review): decode64 is the lenient decoder (it skips characters outside
  # the Base64 alphabet); strict_decode64 would reject a malformed response.
  encoded_plaintext = reply.data[:plaintext]
  Base64.decode64(encoded_plaintext)
end
#encrypt(plaintext, context: nil) ⇒ Object
# File 'lib/kms_encrypted/clients/vault.rb', line 4
# Encrypts +plaintext+ through Vault's transit endpoint and returns the
# ciphertext string from the response.
#
# Errors raised by the Vault client are not rescued here and propagate to the
# caller.
#
# @param plaintext [String] bytes to encrypt; Base64-encoded before being sent
# @param context [Object, nil] optional context; when truthy it is passed
#   through +generate_context+ (defined outside this excerpt) and sent as the
#   request's +context+ field
# @return [Object] the +ciphertext+ field of the Vault response
def encrypt(plaintext, context: nil)
  # encode64 wraps its output with a line feed every 60 encoded characters.
  # NOTE(review): strict_encode64 would send unwrapped Base64 - confirm which
  # form the server side expects before changing it.
  payload = { plaintext: Base64.encode64(plaintext) }
  if context
    payload[:context] = generate_context(context)
  end

  transit = KmsEncrypted.vault_client.logical
  # NOTE(review): String#sub removes the first "vault/" wherever it occurs,
  # not only a leading prefix - confirm key_id is validated before this point.
  key_name = key_id.sub("vault/", "")
  reply = transit.write("transit/encrypt/#{key_name}", payload)
  reply.data[:ciphertext]
end