lib/kms_encrypted.rb in kms_encrypted-0.3.0 vs lib/kms_encrypted.rb in kms_encrypted-1.0.0
- old
+ new
@@ -1,22 +1,37 @@
# dependencies
require "active_support"
+require "base64"
+require "json"
+require "securerandom"
# modules
+require "kms_encrypted/database"
require "kms_encrypted/log_subscriber"
require "kms_encrypted/model"
require "kms_encrypted/version"
+# clients
+require "kms_encrypted/client"
+require "kms_encrypted/clients/base"
+require "kms_encrypted/clients/aws"
+require "kms_encrypted/clients/google"
+require "kms_encrypted/clients/test"
+require "kms_encrypted/clients/vault"
+
module KmsEncrypted
+ class Error < StandardError; end
+ class DecryptionError < Error; end
+
class << self
attr_writer :aws_client
attr_writer :google_client
attr_writer :vault_client
def aws_client
@aws_client ||= Aws::KMS::Client.new(
- retry_limit: 2,
+ retry_limit: 1,
http_open_timeout: 2,
http_read_timeout: 2
)
end
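Review bot: The new `retry_limit: 1` in `aws_client` sits next to the 2-second open and read timeouts with no comment explaining why these values were chosen, so a later maintainer cannot tell whether the lower retry count is deliberate. With one retry the SDK makes at most two attempts per call, which bounds how long a KMS outage can stall an encrypt or decrypt. I would add a line above the constructor such as `# one retry, 2s open/read timeouts: fail fast rather than stall the caller`. The same applies to `DecryptionError`, which callers will presumably rescue; a one-line comment saying when it is raised would help, since the raising code is outside this hunk.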
@@ -25,15 +40,24 @@
require "google/apis/cloudkms_v1"
client = ::Google::Apis::CloudkmsV1::CloudKMSService.new
client.authorization = ::Google::Auth.get_application_default(
"https://www.googleapis.com/auth/cloud-platform"
)
+ client.client_options.log_http_requests = false
+ client.client_options.open_timeout_sec = 2
+ client.client_options.read_timeout_sec = 2
client
end
end
def vault_client
- @vault_client ||= ::Vault
+ @vault_client ||= ::Vault::Client.new
+ end
+
+ # hash is independent of key, but specific to audit device
+ def context_hash(context, path:)
+ context = Base64.encode64(context.to_json)
+ vault_client.logical.write("sys/audit-hash/#{path}", input: context).data[:hash]
end
end
end
ActiveSupport.on_load(:active_record) do
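Review bot: `path` is interpolated straight into the Vault endpoint in the new `context_hash` (`"sys/audit-hash/#{path}"`) with no check that it names a single audit device, so a value containing extra `/` or `..` segments would send the write to a different `sys/` path than intended. If the argument can come from configuration or request data rather than a literal, a guard before the write such as `raise ArgumentError, "invalid audit device path" unless path.to_s.match?(%r{\A[\w-]+/?\z})` keeps it to one segment; widen the pattern if nested device paths are in use. Separately, `Base64.encode64` inserts a line feed after every 60 encoded characters, and the returned hash only matches audit log entries if this string is byte-identical to what the Vault client sends as the transit context, which is not visible in this hunk. A comment stating that coupling would help, e.g. `# must match the context encoding used by the Vault client`.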