lib/legion/crypt/cipher.rb in legion-crypt-0.2.3 vs lib/legion/crypt/cipher.rb in legion-crypt-0.3.0

- old
+ new

@@ -46,14 +46,14 @@ OpenSSL::PKey::RSA.new 2048 end end def cs - @cs ||= Digest::SHA256.digest fetch_cs + @cs ||= Digest::SHA256.digest(fetch_cs) end - def fetch_cs # rubocop:disable Metrics/AbcSize + def fetch_cs # rubocop:disable Metrics/AbcSize,Metrics/PerceivedComplexity,Metrics/CyclomaticComplexity if Legion::Settings[:crypt][:vault][:read_cluster_secret] && Legion::Settings[:crypt][:vault][:connected] && Legion::Crypt.exist?('crypt') # rubocop:disable Layout/LineLength Legion::Crypt.get('crypt')[:cluster_secret] elsif Legion::Settings[:crypt][:cluster_secret].is_a? String Legion::Settings[:crypt][:cluster_secret] elsif Legion::Transport::Queue.new('node.crypt', passive: true).consumer_count.zero? 
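Review bot: `cs` passes whatever `fetch_cs` returns straight into `Digest::SHA256.digest`, and the next hunk shows a timeout path ('Cluster secret is still nil') on which that value is nil. The failure would then surface as a `TypeError` from the digest call rather than as a clear "no cluster secret" error. An explicit guard keeps the memoisation and names the problem: `@cs ||= Digest::SHA256.digest(fetch_cs || raise('cluster secret unavailable'))`. Because `@cs ||=` caches the derived key, a comment on `cs` should say that the key stays fixed for the life of the object even if `Legion::Settings[:crypt][:cluster_secret]` changes later. The body of `fetch_cs` continues outside this hunk.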
@@ -66,25 +66,34 @@ sleep_time = 0.001 until !Legion::Settings[:crypt][:cluster_secret].nil? || (Time.now - start) > Legion::Settings[:crypt][:cluster_secret_timeout] sleep(sleep_time) sleep_time *= 2 unless sleep_time > 0.5 end - unless Legion::Settings[:crypt][:cluster_secret].nil? + + if Legion::Settings[:crypt][:cluster_secret].nil? + Legion::Logging.warn 'Cluster secret is still nil' + else Legion::Logging.info "Received cluster secret in #{((Time.new - start) * 1000.0).round}ms" end - Legion::Logging.warn 'Cluster secret is still nil' if Legion::Settings[:crypt][:cluster_secret].nil? - else - Legion::Settings[:crypt][:cluster_secret] = generate_secure_random end - Legion::Settings[:crypt][:cs_encrypt_ready] = true - Legion::Settings[:crypt][:cluster_secret] rescue StandardError => e Legion::Logging.error(e.message) Legion::Logging.error(e.backtrace) + ensure + Legion::Settings[:crypt][:cluster_secret] = generate_secure_random unless Legion::Settings[:crypt].key? :cluster_secret + nil if Legion::Settings[:crypt][:cluster_secret].nil? - Legion::Settings[:crypt][:cluster_secret] = generate_secure_random Legion::Settings[:crypt][:cs_encrypt_ready] = true - Legion::Settings[:crypt][:cluster_secret] + push_cs_to_vault if Legion::Settings[:crypt][:vault][:push_cs_to_vault] + + return Legion::Settings[:crypt][:cluster_secret] # rubocop:disable Lint/EnsureReturn + end + + def push_cs_to_vault + return false unless Legion::Settings[:crypt][:vault][:connected] && Legion::Settings[:crypt][:cluster_secret] + + Legion::Logging.info 'Pushing Cluster Secret to Vault' + Legion::Crypt.write('cluster', secret: Legion::Settings[:crypt][:cluster_secret]) end def generate_secure_random SecureRandom.uuid end
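Review bot: The `return` in the new `ensure` block (silenced with `Lint/EnsureReturn`) discards any exception still in flight, including ones `rescue StandardError` does not catch, and `cs_encrypt_ready` is set to `true` on every path, even the timeout path where the secret is still nil; the `nil if …nil?` line is a bare expression and does not stop that. The ready flag should track whether a secret exists, `Legion::Settings[:crypt][:cs_encrypt_ready] = !Legion::Settings[:crypt][:cluster_secret].nil?`, and this tail is better placed after the rescue than inside `ensure`. `push_cs_to_vault` also runs from `ensure` on every exit, so a value this node generated as a fallback after an error could be written over the shared secret in Vault; calling it only from the branch that creates a new secret for a fresh cluster would avoid that. It writes to `'cluster'` with key `secret:`, while `fetch_cs` reads `Legion::Crypt.get('crypt')[:cluster_secret]`, so unless `Legion::Crypt` maps those paths (not visible here) the pushed value is never read back. `fetch_cs` begins outside this hunk.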