class KmsEncrypted::Clients::Aws

Public Instance Methods

decrypt(ciphertext, context: nil) click to toggle source
# File lib/kms_encrypted/clients/aws.rb, line 14
def decrypt(ciphertext, context: nil)
  options = {
    ciphertext_blob: ciphertext
  }
  options[:encryption_context] = generate_context(context) if context

  begin
    KmsEncrypted.aws_client.decrypt(options).plaintext
  rescue ::Aws::KMS::Errors::InvalidCiphertextException
    decryption_failed!
  end
end
encrypt(plaintext, context: nil) click to toggle source
# File lib/kms_encrypted/clients/aws.rb, line 4
def encrypt(plaintext, context: nil)
  options = {
    key_id: key_id,
    plaintext: plaintext
  }
  options[:encryption_context] = generate_context(context) if context

  KmsEncrypted.aws_client.encrypt(options).ciphertext_blob
end

Private Instance Methods

generate_context(context) click to toggle source

make integers strings for convenience

# File lib/kms_encrypted/clients/aws.rb, line 30
def generate_context(context)
  raise ArgumentError, "Context must be a hash" unless context.is_a?(Hash)
  Hash[context.map { |k, v| [k, context_value(v)] }]
end