lib/symmetric_encryption/keystore.rb in symmetric-encryption-4.3.1 vs lib/symmetric_encryption/keystore.rb in symmetric-encryption-4.3.2
- old
+ new
@@ -1,15 +1,15 @@
module SymmetricEncryption
# Encryption keys are secured in Keystores
module Keystore
# @formatter:off
- autoload :Aws, 'symmetric_encryption/keystore/aws'
- autoload :Environment, 'symmetric_encryption/keystore/environment'
- autoload :Gcp, 'symmetric_encryption/keystore/gcp'
- autoload :File, 'symmetric_encryption/keystore/file'
- autoload :Heroku, 'symmetric_encryption/keystore/heroku'
- autoload :Memory, 'symmetric_encryption/keystore/memory'
+ autoload :Aws, "symmetric_encryption/keystore/aws"
+ autoload :Environment, "symmetric_encryption/keystore/environment"
+ autoload :Gcp, "symmetric_encryption/keystore/gcp"
+ autoload :File, "symmetric_encryption/keystore/file"
+ autoload :Heroku, "symmetric_encryption/keystore/heroku"
+ autoload :Memory, "symmetric_encryption/keystore/memory"
# @formatter:on
# Returns [Hash] a new keystore configuration after generating data keys for each environment.
def self.generate_data_keys(keystore:, environments: %i[development test release production], **args)
keystore_class = keystore.is_a?(Symbol) || keystore.is_a?(String) ? constantize_symbol(keystore) : keystore
@@ -67,22 +67,22 @@
config = cfg[:ciphers].first
# Only generate new keys for keystore's that have a key encrypting key
next unless config[:key_encrypting_key] || config[:private_rsa_key]
- cipher_name = config[:cipher_name] || 'aes-256-cbc'
+ cipher_name = config[:cipher_name] || "aes-256-cbc"
keystore_class = keystore ? constantize_symbol(keystore) : keystore_for(config)
args = {
cipher_name: cipher_name,
app_name: app_name,
version: version,
environment: environment
}
args[:key_path] = ::File.dirname(config[:key_filename]) if config.key?(:key_filename)
- new_data_key = keystore_class.generate_data_key(args)
+ new_data_key = keystore_class.generate_data_key(**args)
# Add as second key so that key can be published now and only used in a later deploy.
if rolling_deploy
cfg[:ciphers].insert(1, new_data_key)
else
@@ -103,11 +103,11 @@
config = cfg[:ciphers].first
# Only generate new keys for keystore's that have a key encrypting key
next unless config[:key_encrypting_key]
- version = config.delete(:version) || 1
+ version = config.delete(:version) || 1
version -= 1
always_add_header = config.delete(:always_add_header)
encoding = config.delete(:encoding)
@@ -142,23 +142,23 @@
def self.dev_config
{
ciphers:
[
{
- key: '1234567890ABCDEF',
- iv: '1234567890ABCDEF',
- cipher_name: 'aes-128-cbc',
+ key: "1234567890ABCDEF",
+ iv: "1234567890ABCDEF",
+ cipher_name: "aes-128-cbc",
version: 1
}
]
}
end
# Returns [Key] by recursively navigating the config tree.
#
# Supports N level deep key encrypting keys.
- def self.read_key(key: nil, iv:, key_encrypting_key: nil, cipher_name: 'aes-256-cbc', keystore: nil, version: 0, **args)
+ def self.read_key(key: nil, iv:, key_encrypting_key: nil, cipher_name: "aes-256-cbc", keystore: nil, version: 0, **args)
if key_encrypting_key.is_a?(Hash)
# Recurse up the chain returning the parent key_encrypting_key
key_encrypting_key = read_key(cipher_name: cipher_name, **key_encrypting_key)
end
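Review bot: `dev_config` (lines 55–70) hard-codes a publicly known key and IV (`1234567890ABCDEF`) for `aes-128-cbc`, and nothing in the hunk marks that configuration as development-only or explains the consequence of reusing it. A fixed IV also makes CBC encryption deterministic, so equal plaintexts encrypt to equal ciphertexts, which matters if this config is ever picked up outside test/dev. I would add a header comment above `def self.dev_config`: `# Development/test only: a fixed, publicly known key and IV. Never use this configuration for real data.` In `read_key`, the default `cipher_name` is forwarded into the recursive call for the parent key-encrypting key, and a parent hash carrying its own `cipher_name` overrides it via the `**` splat; a one-line comment on that line would save the next reader a check. `read_key`'s body continues past the end of the hunk.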
@@ -183,15 +183,15 @@
elsif config[:key_filename]
Keystore::File
elsif config[:key_env_var]
Keystore::Environment
else
- raise(ArgumentError, 'Unknown keystore supplied in config')
+ raise(ArgumentError, "Unknown keystore supplied in config")
end
end
- def self.constantize_symbol(symbol, namespace = 'SymmetricEncryption::Keystore')
+ def self.constantize_symbol(symbol, namespace = "SymmetricEncryption::Keystore")
klass = "#{namespace}::#{camelize(symbol.to_s)}"
begin
Object.const_get(klass)
rescue NameError
raise(ArgumentError, "Keystore: #{symbol.inspect} not found. Looking for: #{klass}")
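Review bot: `Object.const_get(klass)` at line 94 uses the default `inherit = true`, so a name that is not defined under `SymmetricEncryption::Keystore` can presumably still resolve through `Object` — a keystore symbol of `:string` would likely yield `::String` instead of the intended `ArgumentError`, and the mistake then surfaces later as a `NoMethodError` on `generate_data_key`/`read_key`. Since `keystore` is caller-supplied (lines 23 and 31) rather than drawn from a fixed list, I would confine the lookup to the namespace with `Object.const_get(klass, false)` and keep the `ArgumentError` rescue; the autoloaded keystore constants should still resolve because `const_get` triggers autoload. `constantize_symbol`'s closing `end` and the signature of the enclosing `keystore_for` are outside the hunk.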
@@ -201,11 +201,11 @@
# Borrow from Rails, when not running Rails
def self.camelize(term)
string = term.to_s
string = string.sub(/^[a-z\d]*/, &:capitalize)
string.gsub!(%r{(?:_|(/))([a-z\d]*)}i) { "#{Regexp.last_match(1)}#{Regexp.last_match(2).capitalize}" }
- string.gsub!('/'.freeze, '::'.freeze)
+ string.gsub!("/".freeze, "::".freeze)
string
end
# Migrate a prior config.
#
@@ -218,24 +218,24 @@
# Backward compatibility - Deprecated
private_rsa_key = config.delete(:private_rsa_key)
# Migrate old encrypted_iv
if (encrypted_iv = config.delete(:encrypted_iv)) && private_rsa_key
- encrypted_iv = RSAKey.new(private_rsa_key).decrypt(encrypted_iv)
- config[:iv] = ::Base64.decode64(encrypted_iv)
+ encrypted_iv = RSAKey.new(private_rsa_key).decrypt(encrypted_iv)
+ config[:iv] = ::Base64.decode64(encrypted_iv)
end
# Migrate old iv_filename
- if (file_name = config.delete(:iv_filename)) && private_rsa_key
+ if (file_name = config.delete(:iv_filename)) && private_rsa_key
encrypted_iv = ::File.read(file_name)
config[:iv] = RSAKey.new(private_rsa_key).decrypt(encrypted_iv)
end
# Backward compatibility - Deprecated
config[:key_encrypting_key] = RSAKey.new(private_rsa_key) if private_rsa_key
# Migrate old encrypted_key to new binary format
- if (encrypted_key = config[:encrypted_key]) && private_rsa_key
+ if (encrypted_key = config[:encrypted_key]) && private_rsa_key
config[:encrypted_key] = ::Base64.decode64(encrypted_key)
end
end
end
end