RubygemsResearch

Sha256: e4597ff37e809a7767692089e8b09c21281041fa157170a49ed85bfdadbb1ce7

Contents?: true

Size: 1.21 KB

Versions: 8

Compression:

Stored size: 1.21 KB

module KmsEncrypted
  module Clients
    class Vault < Base
      def encrypt(plaintext, context: nil)
        options = {
          plaintext: Base64.encode64(plaintext)
        }
        options[:context] = generate_context(context) if context

        response = KmsEncrypted.vault_client.logical.write(
          "transit/encrypt/#{key_id.sub("vault/", "")}",
          options
        )

        response.data[:ciphertext]
      end

      def decrypt(ciphertext, context: nil)
        options = {
          ciphertext: ciphertext
        }
        options[:context] = generate_context(context) if context

        response =
          begin
            KmsEncrypted.vault_client.logical.write(
              "transit/decrypt/#{key_id.sub("vault/", "")}",
              options
            )
          rescue ::Vault::HTTPClientError => e
            decryption_failed! if e.message.include?("unable to decrypt")
            raise e
          rescue Encoding::UndefinedConversionError
            decryption_failed!
          end

        Base64.decode64(response.data[:plaintext])
      end

      private

      # turn hash into json
      def generate_context(context)
        Base64.encode64(super)
      end
    end
  end
end

Version data entries

8 entries across 8 versions & 1 rubygems

Version	Path
kms_encrypted-1.2.3	lib/kms_encrypted/clients/vault.rb
kms_encrypted-1.2.2	lib/kms_encrypted/clients/vault.rb
kms_encrypted-1.2.1	lib/kms_encrypted/clients/vault.rb
kms_encrypted-1.2.0	lib/kms_encrypted/clients/vault.rb
kms_encrypted-1.1.1	lib/kms_encrypted/clients/vault.rb
kms_encrypted-1.1.0	lib/kms_encrypted/clients/vault.rb
kms_encrypted-1.0.1	lib/kms_encrypted/clients/vault.rb
kms_encrypted-1.0.0	lib/kms_encrypted/clients/vault.rb