Sha256: 09664e0d2222c404f261391cb7f84f7aebcd311445bcfdd4e78a237cd0c7b286
Contents?: true
Size: 1.54 KB
Versions: 6
Compression:
Stored size: 1.54 KB
Contents
module KmsEncrypted
class Client
delegate :encrypt, :decrypt, to: :client
attr_reader :key_id, :data_key
def initialize(key_id: nil, legacy_context: false, data_key: false)
@key_id = key_id || ENV["KMS_KEY_ID"]
@legacy_context = legacy_context
@data_key = data_key
end
def encrypt(plaintext, context: nil)
event = {
key_id: key_id,
context: context,
data_key: data_key
}
ActiveSupport::Notifications.instrument("encrypt.kms_encrypted", event) do
client.encrypt(plaintext, context: context)
end
end
def decrypt(ciphertext, context: nil)
event = {
key_id: key_id,
context: context,
data_key: data_key
}
ActiveSupport::Notifications.instrument("decrypt.kms_encrypted", event) do
client.decrypt(ciphertext, context: context)
end
end
private
def provider
if key_id == "insecure-test-key"
:test
elsif key_id.start_with?("vault/")
:vault
elsif key_id.start_with?("projects/")
:google
else
:aws
end
end
def client
@client ||= begin
klass =
case provider
when :test
KmsEncrypted::Clients::Test
when :vault
KmsEncrypted::Clients::Vault
when :google
KmsEncrypted::Clients::Google
else
KmsEncrypted::Clients::Aws
end
klass.new(key_id: key_id, legacy_context: @legacy_context)
end
end
end
end
Version data entries
6 entries across 6 versions & 1 rubygems