class KmsEncrypted::Clients::Vault
Public Instance Methods
decrypt(ciphertext, context: nil)
click to toggle source
# File lib/kms_encrypted/clients/vault.rb, line 18 def decrypt(ciphertext, context: nil) options = { ciphertext: ciphertext } options[:context] = generate_context(context) if context response = begin KmsEncrypted.vault_client.logical.write( "transit/decrypt/#{key_id.sub("vault/", "")}", options ) rescue ::Vault::HTTPClientError => e decryption_failed! if e.message.include?("unable to decrypt") raise e rescue ::Vault::HTTPServerError => e decryption_failed! if e.message.include?("message authentication failed") raise e rescue Encoding::UndefinedConversionError decryption_failed! end Base64.decode64(response.data[:plaintext]) end
encrypt(plaintext, context: nil)
click to toggle source
# File lib/kms_encrypted/clients/vault.rb, line 4 def encrypt(plaintext, context: nil) options = { plaintext: Base64.encode64(plaintext) } options[:context] = generate_context(context) if context response = KmsEncrypted.vault_client.logical.write( "transit/encrypt/#{key_id.sub("vault/", "")}", options ) response.data[:ciphertext] end
Private Instance Methods
generate_context(context)
click to toggle source
turn hash into json
Calls superclass method
KmsEncrypted::Clients::Base#generate_context
# File lib/kms_encrypted/clients/vault.rb, line 46 def generate_context(context) Base64.encode64(super) end