Class: SymmetricEncryption::Keystore::Environment

Inherits:
Memory
  • Object
Defined in:
lib/symmetric_encryption/keystore/environment.rb

Overview

Store the encrypted encryption key in an environment variable

Direct Known Subclasses

Heroku

Instance Attribute Summary

Attributes inherited from Memory

#encrypted_key, #key_encrypting_key

Constructor Details

#initialize(key_encrypting_key:, key_env_var:, encoding: :base64strict) ⇒ Environment

Stores the Encryption key in an environment var. Secures the Encryption key by encrypting it with a key encryption key.



# File 'lib/symmetric_encryption/keystore/environment.rb', line 34

def initialize(key_encrypting_key:, key_env_var:, encoding: :base64strict)
  @key_env_var        = key_env_var
  @key_encrypting_key = key_encrypting_key
  @encoding           = encoding
end

Instance Attribute Details

#encoding ⇒ Object

Returns the value of attribute encoding.



# File 'lib/symmetric_encryption/keystore/environment.rb', line 5

def encoding
  @encoding
end

#key_env_var ⇒ Object

Returns the value of attribute key_env_var.



# File 'lib/symmetric_encryption/keystore/environment.rb', line 5

def key_env_var
  @key_env_var
end

Class Method Details

.generate_data_key(cipher_name:, app_name:, environment:, version: 0, dek: nil, **_args) ⇒ Object

Returns [Hash] a new keystore configuration after generating the data key.

Increments the supplied version number by 1.



# File 'lib/symmetric_encryption/keystore/environment.rb', line 10

def self.generate_data_key(cipher_name:, app_name:, environment:, version: 0, dek: nil, **_args)
  version >= 255 ? (version = 1) : (version += 1)

  kek = SymmetricEncryption::Key.new(cipher_name: cipher_name)
  dek ||= SymmetricEncryption::Key.new(cipher_name: cipher_name)

  key_env_var = "#{app_name}_#{environment}_v#{version}".upcase.tr("-", "_")
  new(key_env_var: key_env_var, key_encrypting_key: kek).write(dek.key)

  {
    keystore:           :environment,
    cipher_name:        dek.cipher_name,
    version:            version,
    key_env_var:        key_env_var,
    iv:                 dek.iv,
    key_encrypting_key: {
      key: kek.key,
      iv:  kek.iv
    }
  }
end

Instance Method Details

#read ⇒ Object

Returns the Encryption key in the clear.



# File 'lib/symmetric_encryption/keystore/environment.rb', line 41

def read
  encrypted = ENV[key_env_var]
  raise "The Environment Variable #{key_env_var} must be set with the encrypted encryption key." unless encrypted

  binary = encoder.decode(encrypted)
  key_encrypting_key.decrypt(binary)
end

#write(key) ⇒ Object

Write the encrypted Encryption key to `encrypted_key` attribute.



# File 'lib/symmetric_encryption/keystore/environment.rb', line 50

def write(key)
  encrypted_key = key_encrypting_key.encrypt(key)
  puts "\n\n********************************************************************************"
  puts "Set the environment variable as follows:"
  puts "  export #{key_env_var}=\"#{encoder.encode(encrypted_key)}\""
  puts "********************************************************************************"
end