Module: KmsEnv

Defined in:

lib/kms-env.rb,
lib/kms-env/railtie.rb

Defined Under Namespace

Classes: Railtie

Class Method Summary

• .ciphertext_blob_for(text) ⇒ Object
• .kms ⇒ Object

  Load decrypted environment variables.

• .kms_decrypt_blob(blob) ⇒ Object
• .kms_key_matcher ⇒ Object
• .load ⇒ Object
• .logger ⇒ Object
• .plaintext_key_for(key) ⇒ Object
• .set_decrypted_env_for(key) ⇒ Object

Class Method Details

.ciphertext_blob_for(text) ⇒ Object

# File 'lib/kms-env.rb', line 24

def ciphertext_blob_for(text)
  Base64.decode64(text)
end

.kms ⇒ Object

Load decrypted environment variables

# File 'lib/kms-env.rb', line 20

def kms
  @kms ||= Aws::KMS::Client.new(region: ENV['AWS_REGION'] || 'us-east-1')
end

.kms_decrypt_blob(blob) ⇒ Object

# File 'lib/kms-env.rb', line 28

def kms_decrypt_blob(blob)
  kms.decrypt(ciphertext_blob: blob)
rescue Exception => e
  self.logger.error("Failed to decrypt env with error #{e.class}")
  if defined?(Honeybadger)
    Honeybadger.notify(e)
  end
end

.kms_key_matcher ⇒ Object

# File 'lib/kms-env.rb', line 46

def kms_key_matcher
  /_KMS$/
end

.load ⇒ Object

# File 'lib/kms-env.rb', line 50

def load
  ENV.keys.select {|k| k =~ kms_key_matcher}.each do |key|
    set_decrypted_env_for(key)
  end
end

.logger ⇒ Object

# File 'lib/kms-env.rb', line 8

def logger
  if defined?(Rails) and Rails.logger
    Rails.logger
  else
    Logger.new(STDERR)
  end
end

.plaintext_key_for(key) ⇒ Object

# File 'lib/kms-env.rb', line 37

def plaintext_key_for(key)
  key.gsub(kms_key_matcher, '')
end

.set_decrypted_env_for(key) ⇒ Object

# File 'lib/kms-env.rb', line 41

def set_decrypted_env_for(key)
  data = kms_decrypt_blob(ciphertext_blob_for(ENV[key]))
  ENV[plaintext_key_for(key)] = data.plaintext if data
end