lib/symmetric_encryption/keystore.rb in symmetric-encryption-4.0.0.beta3 vs lib/symmetric_encryption/keystore.rb in symmetric-encryption-4.0.0
- old
+ new
@@ -71,20 +71,21 @@
# Only rotate keys for specified environments. Default, all
next if !environments.empty? && !environments.include?(environment.to_sym)
config = cfg[:ciphers].first
+ # Only generate new keys for keystore's that have a key encrypting key
+ next unless config[:key_encrypting_key]
+
version = config.delete(:version) || 1
version -= 1
- config.delete(:always_add_header)
- config.delete(:encoding)
+ always_add_header = config.delete(:always_add_header)
+ encoding = config.delete(:encoding)
+
Key.migrate_config!(config)
- # Only generate new keys for keystore's that have a key encrypting key
- next unless config[:key_encrypting_key]
-
# The current data encrypting key without any of the key encrypting keys.
key = Key.from_config(config)
cipher_name = key.cipher_name
new_key_config =
if config.has_key?(:key_filename)
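Review bot: The `next unless config[:key_encrypting_key]` guard now runs before `Key.migrate_config!(config)`, so a cipher entry in an older layout is tested in its pre-migration form. If migration is what produces `:key_encrypting_key` (not visible in this hunk), those environments would be skipped without a new key. In either case the skip is silent, so an operator can finish a rotation believing every environment received a new data encrypting key. Consider reporting it before skipping, e.g. `unless config[:key_encrypting_key]` / `warn "Skipping #{environment}: no key encrypting key, key not rotated"` / `next`, and confirm whether the guard should stay after the migration call. The enclosing block starts and ends outside this hunk.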
@@ -94,10 +95,11 @@
Keystore::Environment.new_key_config(cipher_name: cipher_name, app_name: app_name, version: version, environment: environment, dek: key)
elsif config.has_key?(:encrypted_key)
Keystore::Memory.new_key_config(cipher_name: cipher_name, app_name: app_name, version: version, environment: environment, dek: key)
end
- new_key_config
+ new_key_config[:always_add_header] = always_add_header
+ new_key_config[:encoding] = encoding
# Replace existing config entry
cfg[:ciphers].shift
cfg[:ciphers].unshift(new_key_config)
end
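Review bot: The two added assignments index `new_key_config` unconditionally, but the `if`/`elsif` chain above them shows no `else` in the visible lines. A cipher entry with none of the recognised key sources therefore leaves it `nil`, and `new_key_config[:always_add_header] = ...` raises NoMethodError partway through a rotation, possibly after other environments have already been processed. The assignments also write `always_add_header: nil` and `encoding: nil` into the rotated entry when the original config never set them, which may override the library defaults on the next load (not verifiable from this hunk). Raise a descriptive error for the unmatched case and copy the keys only when present, e.g. `new_key_config[:encoding] = encoding if encoding` and `new_key_config[:always_add_header] = always_add_header unless always_add_header.nil?`. The chain begins outside this hunk.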