Class: DynamoSecret::Kms

Inherits:

Object

• Object
• DynamoSecret::Kms

Defined in:

lib/dynamo_secret/kms.rb

Instance Method Summary

• #create_key ⇒ Object
• #decrypt(data) ⇒ Object
• #encrypt(data) ⇒ Object
• #initialize(config) ⇒ Kms constructor

  A new instance of Kms.

• #key ⇒ Object

Constructor Details

#initialize(config) ⇒ Kms

Returns a new instance of Kms.

# File 'lib/dynamo_secret/kms.rb', line 6

def initialize(config)
  @key_name = config[:key_name] || key_name
  @region = config.fetch(:region, region)
end

Instance Method Details

#create_key ⇒ Object

# File 'lib/dynamo_secret/kms.rb', line 11

def create_key
  return $stdout.puts "KMS alias #{@key_name} already exists" if key
  id = client.create_key(tags: [{ tag_key: 'Owner', tag_value: user_id }]).key_metadata.key_id
  client.create_alias(alias_name: "alias/#{@key_name}", target_key_id: id)
end

#decrypt(data) ⇒ Object

# File 'lib/dynamo_secret/kms.rb', line 17

def decrypt(data)
  client.decrypt(ciphertext_blob: data).plaintext
rescue Aws::KMS::Errors::InvalidCiphertextException
  $stderr.puts 'Key was found but KMS decrypt failed - skipping'
  data
end

#encrypt(data) ⇒ Object

# File 'lib/dynamo_secret/kms.rb', line 24

def encrypt(data)
  client.encrypt(key_id: key, plaintext: data).ciphertext_blob
end

#key ⇒ Object

# File 'lib/dynamo_secret/kms.rb', line 28

def key
  @key ||= client.list_aliases.aliases.map do |kms_alias|
    kms_alias.target_key_id if kms_alias.alias_name == "alias/#{@key_name}"
  end.compact.first
end