class KmsEncrypted::Database

Attributes

key_method[R]
options[R]
record[R]

Public Class Methods

new(record, key_method) click to toggle source
# File lib/kms_encrypted/database.rb, line 5
def initialize(record, key_method)
  @record = record
  @key_method = key_method
  @options = record.class.kms_keys[key_method.to_sym]
end

Public Instance Methods

context(version) click to toggle source
# File lib/kms_encrypted/database.rb, line 23
def context(version)
  name = options[:name]
  context_method = name ? "kms_encryption_context_#{name}" : "kms_encryption_context"
  if record.method(context_method).arity == 0
    record.send(context_method)
  else
    record.send(context_method, version: version)
  end
end
decrypt(ciphertext) click to toggle source
# File lib/kms_encrypted/database.rb, line 43
def decrypt(ciphertext)
  # determine version for context
  m = /\Av(\d+):/.match(ciphertext)
  ciphertext_version = m ? m[1].to_i : 1
  context = (options[:upgrade_context] && !m) ? {} : context(ciphertext_version)

  KmsEncrypted::Box.new(
    key_id: key_id,
    version: version,
    previous_versions: previous_versions
  ).decrypt(ciphertext, context: context)
end
encrypt(plaintext) click to toggle source
# File lib/kms_encrypted/database.rb, line 33
def encrypt(plaintext)
  context = context(version)

  KmsEncrypted::Box.new(
    key_id: key_id,
    version: version,
    previous_versions: previous_versions
  ).encrypt(plaintext, context: context)
end
key_id() click to toggle source
# File lib/kms_encrypted/database.rb, line 15
def key_id
  @key_id ||= evaluate_option(:key_id)
end
previous_versions() click to toggle source
# File lib/kms_encrypted/database.rb, line 19
def previous_versions
  @previous_versions ||= evaluate_option(:previous_versions)
end
version() click to toggle source
# File lib/kms_encrypted/database.rb, line 11
def version
  @version ||= evaluate_option(:version).to_i
end

Private Instance Methods

evaluate_option(key) click to toggle source
# File lib/kms_encrypted/database.rb, line 58
def evaluate_option(key)
  opt = options[key]
  opt = record.instance_exec(&opt) if opt.respond_to?(:call)
  opt
end