Class: SymmetricEncryption::Keystore::Environment
Defined in: lib/symmetric_encryption/keystore/environment.rb
Overview
Store the encrypted encryption key in an environment variable
Direct Known Subclasses
Instance Attribute Summary
- #encoding ⇒ Object
  Returns the value of attribute encoding.
- #key_env_var ⇒ Object
  Returns the value of attribute key_env_var.
Attributes inherited from Memory
#encrypted_key, #key_encrypting_key
Class Method Summary
- .generate_data_key(cipher_name:, app_name:, environment:, version: 0, dek: nil, **_args) ⇒ Object
  Returns [Hash] a new keystore configuration after generating the data key.
Instance Method Summary
- #initialize(key_encrypting_key:, key_env_var:, encoding: :base64strict) ⇒ Environment (constructor)
  Stores the Encryption key in an environment var.
- #read ⇒ Object
  Returns the Encryption key in the clear.
- #write(key) ⇒ Object
  Write the encrypted Encryption key to `encrypted_key` attribute.
Constructor Details
#initialize(key_encrypting_key:, key_env_var:, encoding: :base64strict) ⇒ Environment
Stores the Encryption key in an environment var. Secures the Encryption key by encrypting it with a key encryption key.
    # File 'lib/symmetric_encryption/keystore/environment.rb', line 34
    def initialize(key_encrypting_key:, key_env_var:, encoding: :base64strict)
      @key_env_var        = key_env_var
      @key_encrypting_key = key_encrypting_key
      @encoding           = encoding
    end
Instance Attribute Details
#encoding ⇒ Object
Returns the value of attribute encoding.
    # File 'lib/symmetric_encryption/keystore/environment.rb', line 5
    def encoding
      @encoding
    end
#key_env_var ⇒ Object
Returns the value of attribute key_env_var.
    # File 'lib/symmetric_encryption/keystore/environment.rb', line 5
    def key_env_var
      @key_env_var
    end
Class Method Details
.generate_data_key(cipher_name:, app_name:, environment:, version: 0, dek: nil, **_args) ⇒ Object
Returns [Hash] a new keystore configuration after generating the data key.
Increments the supplied version number by 1.
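    # File 'lib/symmetric_encryption/keystore/environment.rb', line 10
    def self.generate_data_key(cipher_name:, app_name:, environment:, version: 0, dek: nil, **_args)
      # Version numbers wrap: 255 (or above) is followed by 1.
      version >= 255 ? (version = 1) : (version += 1)

      # New key encrypting key (KEK); reuse the supplied data key (DEK) or generate one.
      kek   = SymmetricEncryption::Key.new(cipher_name: cipher_name)
      dek ||= SymmetricEncryption::Key.new(cipher_name: cipher_name)

      # Variable name: <app_name>_<environment>_v<version>, upper-cased, "-" replaced by "_".
      key_env_var = "#{app_name}_#{environment}_v#{version}".upcase.tr("-", "_")
      # Encrypts the DEK with the KEK and prints the export command (see #write).
      new(key_env_var: key_env_var, key_encrypting_key: kek).write(dek.key)

      # The returned configuration carries the KEK itself; the encrypted DEK is not
      # part of it and has to be supplied through the environment variable.
      {
        keystore:           :environment,
        cipher_name:        dek.cipher_name,
        version:            version,
        key_env_var:        key_env_var,
        iv:                 dek.iv,
        key_encrypting_key: {
          key: kek.key,
          iv:  kek.iv
        }
      }
    end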
Instance Method Details
#read ⇒ Object
Returns the Encryption key in the clear.
    # File 'lib/symmetric_encryption/keystore/environment.rb', line 41
    def read
      encrypted = ENV[key_env_var]
      # Fail fast when the variable is unset.
      raise "The Environment Variable #{key_env_var} must be set with the encrypted encryption key." unless encrypted

      # Decode the text form, then decrypt it with the key encrypting key.
      binary = encoder.decode(encrypted)
      key_encrypting_key.decrypt(binary)
    end
#write(key) ⇒ Object
Write the encrypted Encryption key to `encrypted_key` attribute.

    # File 'lib/symmetric_encryption/keystore/environment.rb', line 50
    def write(key)
      encrypted_key = key_encrypting_key.encrypt(key)
      # Prints the export command for the operator; ENV itself is not modified here.
      puts "\n\n********************************************************************************"
      puts "Set the environment variable as follows:"
      puts "  export #{key_env_var}=\"#{encoder.encode(encrypted_key)}\""
      puts "********************************************************************************"
    end
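
The wrap, export and read cycle documented above, as an added sketch built on Ruby's OpenSSL and Base64 rather than the gem's own code; it also covers the unset-variable and damaged-value paths of `#read`. `DemoKey`, `env_var_name`, `wrap_dek`, `read_dek`, the AES-256-CBC choice and the `my-app`/`production` values are assumptions made for illustration.

```ruby
require "openssl"
require "base64"

CIPHER = "aes-256-cbc" # assumed cipher for this sketch

# Hypothetical stand-in for SymmetricEncryption::Key: random key and IV.
DemoKey = Struct.new(:key, :iv) do
  def self.generate
    c = OpenSSL::Cipher.new(CIPHER)
    new(c.random_key, c.random_iv)
  end

  def encrypt(data); run(:encrypt, data); end
  def decrypt(data); run(:decrypt, data); end

  def run(mode, data)
    c = OpenSSL::Cipher.new(CIPHER)
    c.public_send(mode)
    c.key = key
    c.iv = iv
    c.update(data) + c.final
  end
end

# Same naming rule as generate_data_key: APP_ENV_vN, upper-cased, "-" to "_".
def env_var_name(app_name, environment, version)
  "#{app_name}_#{environment}_v#{version}".upcase.tr("-", "_")
end

# Wrap the data key with the KEK; strict base64 has no line breaks to quote.
def wrap_dek(kek, dek_bytes)
  Base64.strict_encode64(kek.encrypt(dek_bytes))
end

# Like #read, with distinct errors for an unset and a damaged variable.
def read_dek(kek, name, env = ENV)
  encoded = env[name]
  raise KeyError, "#{name} must be set with the encrypted encryption key" unless encoded
  kek.decrypt(Base64.strict_decode64(encoded))
rescue ArgumentError, OpenSSL::Cipher::CipherError => e
  raise "#{name} does not hold a valid wrapped key (#{e.class})"
end

# Constructed sample values; the KEK would come from the keystore configuration.
kek, dek = DemoKey.generate, DemoKey.generate
name = env_var_name("my-app", "production", 1)
ENV[name] = wrap_dek(kek, dek.key)
puts "export #{name}=\"#{ENV[name]}\""
puts "round trip ok: #{read_dek(kek, name) == dek.key}"
```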