module KmsEncrypted
Constants
- VERSION
Attributes
aws_client[W]
google_client[W]
key_id[W]
vault_client[W]
Public Class Methods
aws_client()
click to toggle source
# File lib/kms_encrypted.rb, line 32 def aws_client @aws_client ||= Aws::KMS::Client.new( retry_limit: 1, http_open_timeout: 2, http_read_timeout: 2 ) end
context_hash(context, path:)
click to toggle source
hash is independent of key, but specific to audit device
# File lib/kms_encrypted.rb, line 63 def context_hash(context, path:) context = Base64.encode64(context.to_json) vault_client.logical.write("sys/audit-hash/#{path}", input: context).data[:hash] end
google_client()
click to toggle source
# File lib/kms_encrypted.rb, line 40 def google_client @google_client ||= begin require "google/apis/cloudkms_v1" client = ::Google::Apis::CloudkmsV1::CloudKMSService.new client.authorization = ::Google::Auth.get_application_default( "https://www.googleapis.com/auth/cloud-platform" ) client.client_options.log_http_requests = false client.client_options.open_timeout_sec = 2 client.client_options.read_timeout_sec = 2 client end end
key_id()
click to toggle source
# File lib/kms_encrypted.rb, line 58 def key_id @key_id ||= ENV["KMS_KEY_ID"] end
vault_client()
click to toggle source
# File lib/kms_encrypted.rb, line 54 def vault_client @vault_client ||= ::Vault::Client.new end