module KmsEncrypted

Constants

VERSION

Attributes

aws_client[W]
google_client[W]
key_id[W]
vault_client[W]

Public Class Methods

aws_client()
# File lib/kms_encrypted.rb, line 32
# Returns the shared AWS KMS client, building it on first use.
#
# The client is created with a single retry and 2-second open/read
# timeouts. No credentials or region are passed here, so whatever the AWS
# SDK resolves on its own applies. A client already stored in @aws_client
# (for example through the aws_client writer) is returned as is.
def aws_client
  return @aws_client if @aws_client

  client_settings = {
    retry_limit: 1,
    http_open_timeout: 2,
    http_read_timeout: 2
  }
  @aws_client = Aws::KMS::Client.new(**client_settings)
end
context_hash(context, path:)

The hash is independent of the key, but specific to the audit device.

# File lib/kms_encrypted.rb, line 63
# Asks Vault for the audit-log hash of an encryption context.
#
# The context is serialized with to_json, encoded with Base64.encode64 and
# written to Vault's sys/audit-hash/<path> endpoint; the :hash entry of the
# response data is returned.
#
# NOTE(review): path is interpolated into the request path unescaped, so it
# should come from trusted configuration (the audit device path) rather than
# request input - confirm against callers.
# NOTE(review): presumably the encoding has to match the form in which the
# context was sent to Vault, or the hash will not line up with audit log
# entries - confirm before swapping encode64 for another encoder.
def context_hash(context, path:)
  encoded_context = Base64.encode64(context.to_json)
  logical = vault_client.logical
  endpoint = "sys/audit-hash/#{path}"
  response = logical.write(endpoint, input: encoded_context)
  response.data[:hash]
end
google_client()
# File lib/kms_encrypted.rb, line 40
# Returns the shared Google Cloud KMS service client, building it on first
# use.
#
# The Google API library is required lazily, so it is only loaded when this
# client is actually requested. Authorization comes from application default
# credentials; HTTP request logging is switched off and the open/read
# timeouts are set to 2 seconds. A client already stored in @google_client
# is returned as is.
#
# NOTE(review): request logging is presumably disabled to keep KMS request
# payloads out of application logs - confirm before enabling it.
# NOTE(review): cloud-platform is a broad OAuth scope; what the credentials
# may actually do still depends on their IAM grants. Check whether the
# narrower https://www.googleapis.com/auth/cloudkms scope would suffice.
def google_client
  return @google_client if @google_client

  require "google/apis/cloudkms_v1"
  service = ::Google::Apis::CloudkmsV1::CloudKMSService.new
  credentials = ::Google::Auth.get_application_default(
    "https://www.googleapis.com/auth/cloud-platform"
  )
  service.authorization = credentials

  options = service.client_options
  options.log_http_requests = false
  options.open_timeout_sec = 2
  options.read_timeout_sec = 2

  @google_client = service
end
key_id()
# File lib/kms_encrypted.rb, line 58
# Returns the default KMS key identifier.
#
# A value already stored in @key_id wins; otherwise the KMS_KEY_ID
# environment variable is read and cached. While neither is set the result
# is nil, so callers have to handle a missing key id themselves.
def key_id
  return @key_id if @key_id

  @key_id = ENV["KMS_KEY_ID"]
end
vault_client()
# File lib/kms_encrypted.rb, line 54
# Returns the shared Vault client, building it on first use.
#
# The client is constructed without arguments, so its address and token are
# whatever the Vault library picks up by default (NOTE(review): presumably
# from the environment - confirm). A client already stored in @vault_client
# is returned as is.
def vault_client
  return @vault_client if @vault_client

  @vault_client = ::Vault::Client.new
end