Class: SDM::SecretEncryptionInterceptor

Inherits:

Object

• Object
• SDM::SecretEncryptionInterceptor

Defined in:

lib/interceptors.rb

Overview

SecretEncryptionInterceptor implements encryption for managed secrets

Instance Method Summary

• #cache_public_key(engine_id, public_key_pem) ⇒ Object

  Cache a secret engine's public key.

• #decrypt(ciphertext) ⇒ Object

  Decrypt data using RSA-OAEP with SHA256.

• #encrypt(public_key, plaintext) ⇒ Object

  Encrypt data using RSA-OAEP with SHA256.

• #export_public_key ⇒ Object

  Export public key in PEM format.

• #get_public_key(engine_id) ⇒ Object

  Get cached public key.

• #initialize(client) ⇒ SecretEncryptionInterceptor constructor

  A new instance of SecretEncryptionInterceptor.

• #private_key ⇒ Object

  Lazy-load private key for retrievals.

• #setup(interceptor) ⇒ Object

  Setup hooks on the interceptor.

Constructor Details

#initialize(client) ⇒ SecretEncryptionInterceptor

# File 'lib/interceptors.rb', line 62

def initialize(client)
  @client = client
  @public_key_cache = {}
  @private_key = nil
end

Instance Method Details

#cache_public_key(engine_id, public_key_pem) ⇒ Object

Cache a secret engine's public key

# File 'lib/interceptors.rb', line 74

def cache_public_key(engine_id, public_key_pem)
  return if public_key_pem.nil? || public_key_pem.empty?
  @public_key_cache[engine_id] = OpenSSL::PKey::RSA.new(public_key_pem)
end

#decrypt(ciphertext) ⇒ Object

Decrypt data using RSA-OAEP with SHA256

# File 'lib/interceptors.rb', line 91

def decrypt(ciphertext)
  return ciphertext if ciphertext.nil? || ciphertext.empty?
  private_key.decrypt(ciphertext, rsa_padding_mode: "oaep", rsa_oaep_md: "sha256", rsa_mgf1_md: "sha256")
end

#encrypt(public_key, plaintext) ⇒ Object

Encrypt data using RSA-OAEP with SHA256

# File 'lib/interceptors.rb', line 85

def encrypt(public_key, plaintext)
  return plaintext if plaintext.nil? || plaintext.empty?
  public_key.encrypt(plaintext, rsa_padding_mode: "oaep", rsa_oaep_md: "sha256", rsa_mgf1_md: "sha256")
end

#export_public_key ⇒ Object

Export public key in PEM format

# File 'lib/interceptors.rb', line 97

def export_public_key
  private_key.public_key.to_pem
end

#get_public_key(engine_id) ⇒ Object

Get cached public key

# File 'lib/interceptors.rb', line 80

def get_public_key(engine_id)
  @public_key_cache[engine_id]
end

#private_key ⇒ Object

Lazy-load private key for retrievals

# File 'lib/interceptors.rb', line 69

def private_key
  @private_key ||= OpenSSL::PKey::RSA.new(4096)
end

#setup(interceptor) ⇒ Object

Setup hooks on the interceptor

# File 'lib/interceptors.rb', line 102

def setup(interceptor)
  setup_managed_secrets_hooks(interceptor)
  setup_secret_engines_hooks(interceptor)
end