lib/vault/rails.rb in vault-rails-0.6.0 vs lib/vault/rails.rb in vault-rails-0.7.0
- old
+ new
@@ -139,10 +139,38 @@
else
raise Vault::Rails::UnknownSerializerError.new(key)
end
end
+ def transform_encode(plaintext, opts={})
+ return plaintext if plaintext&.empty?
+ request_opts = {}
+ request_opts[:value] = plaintext
+
+ if opts[:transformation]
+ request_opts[:transformation] = opts[:transformation]
+ end
+
+ role_name = transform_role_name(opts)
+ client.transform.encode(role_name: role_name, **request_opts)
+ end
+
+ def transform_decode(ciphertext, opts={})
+ return ciphertext if ciphertext&.empty?
+ request_opts = {}
+ request_opts[:value] = ciphertext
+
+ if opts[:transformation]
+ request_opts[:transformation] = opts[:transformation]
+ end
+
+ role_name = transform_role_name(opts)
+ puts request_opts
+ client.transform.decode(role_name: role_name, **request_opts)
+ end
+
+
protected
# Perform in-memory encryption. This is useful for testing and development.
def memory_encrypt(path, key, plaintext, client: , context: nil)
log_warning(DEV_WARNING) if self.in_memory_warnings_enabled?
@@ -240,9 +268,13 @@
def log_warning(msg)
if defined?(::Rails) && ::Rails.logger != nil
::Rails.logger.warn { msg }
end
+ end
+
+ def transform_role_name(opts)
+ opts[:role] || self.default_role_name || self.application
end
end
end
end