lib/symmetric_encryption/utils/aws.rb in symmetric-encryption-4.1.0.beta1 vs lib/symmetric_encryption/utils/aws.rb in symmetric-encryption-4.1.0
@@ -13,11 +13,11 @@
# TODO: Map to OpenSSL ciphers
AWS_KEY_SPEC_MAP = {
'aes-256-cbc' => 'AES_256',
'aes-128-cbc' => 'AES_128'
- }
+ }.freeze
# TODO: Move to Keystore::Aws
# Rotate the Customer Master key in each of the supplied regions.
# After the master key has been rotated, use `.write_key_files` to generate
# a new DEK and re-encrypt with the new CMK in each region.
@@ -66,10 +66,11 @@
# Returns the AWS KMS key spec that matches the supplied OpenSSL cipher name
def key_spec(cipher_name)
key_spec = AWS_KEY_SPEC_MAP[cipher_name]
raise("OpenSSL Cipher: #{cipher_name} has not yet been mapped to an AWS key spec.") unless key_spec
+
key_spec
end
# Creates a new master key along with an alias that points to it.
# Returns [String] the new master key id that was created.
@@ -110,13 +111,13 @@
# TODO: Add error handling and retry
resp = client.create_key(
description: 'Symmetric Encryption for Ruby Customer Masker Key',
tags: [
- {tag_key: 'CreatedAt', tag_value: Time.now.to_s},
- {tag_key: 'CreatedBy', tag_value: whoami}
- ]
+ {tag_key: 'CreatedAt', tag_value: Time.now.to_s},
+ {tag_key: 'CreatedBy', tag_value: whoami}
+ ]
)
resp.key_metadata.key_id
end
def create_alias(key_id)
@@ -128,9 +129,10 @@
def auto_create_master_key
attempt = 1
yield
rescue ::Aws::KMS::Errors::NotFoundException
raise if attempt >= 2
+
create_master_key
attempt += 1
retry
end
end
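Review bot: The `raise if attempt >= 2` guard in `auto_create_master_key` can never fire, because `retry` in a method-level `rescue` restarts the whole method body and so re-runs `attempt = 1` on every pass. If the yielded block keeps raising `::Aws::KMS::Errors::NotFoundException` after `create_master_key` has run, the method loops without bound and calls `create_master_key` each time, which (judging by the `client.create_key` call in the earlier hunk) presumably provisions another KMS key per iteration. Keep the counter outside the retried region by putting an explicit `begin` after `attempt = 1` and a matching `end` after `retry`, so that only `yield` is re-executed and the second failure is re-raised. A short comment such as `# Retry once after creating the missing master key` would also record the intended bound.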