class KmsEncrypted::Clients::Vault

Public Instance Methods

decrypt(ciphertext, context: nil)
# File lib/kms_encrypted/clients/vault.rb, line 18
# Decrypts +ciphertext+ through Vault's transit engine and returns the
# Base64-decoded plaintext.
#
# The request is written to "transit/decrypt/<key>", where <key> is +key_id+
# with the first "vault/" occurrence removed. A truthy +context+ is encoded
# by +generate_context+ and sent as the :context option.
# NOTE(review): in Vault's transit engine `context` is the key-derivation
# context, so it presumably has to match the value used at encryption time;
# confirm against the key's configuration.
#
# Failure mapping (decryption_failed! is defined outside this listing and
# presumably raises the library's decryption error; confirm):
# * Vault::HTTPClientError whose message includes "unable to decrypt"
# * Vault::HTTPServerError whose message includes "message authentication failed"
# * Encoding::UndefinedConversionError raised while issuing the request
# Any other client/server error is re-raised unchanged.
#
# NOTE(review): the classification depends on substring matches against
# Vault's error text. If that wording changes, tampered or wrong-key
# ciphertext surfaces as a raw HTTP error instead of a decryption failure,
# so callers should treat both as "could not decrypt" and alert on either.
#
# @param ciphertext [String] ciphertext as returned by #encrypt
# @param context [Object, nil] optional encryption context
# @return [String] decoded plaintext (Base64.decode64 is non-strict and
#   skips characters outside the Base64 alphabet)
def decrypt(ciphertext, context: nil)
  payload = { ciphertext: ciphertext }
  payload[:context] = generate_context(context) if context

  # Only the Vault call is wrapped: errors from context generation or from
  # decoding the response are not mapped to decryption failures.
  result =
    begin
      transit = KmsEncrypted.vault_client.logical
      endpoint = "transit/decrypt/#{key_id.sub("vault/", "")}"
      transit.write(endpoint, payload)
    rescue ::Vault::HTTPClientError => client_error
      decryption_failed! if client_error.message.include?("unable to decrypt")
      raise client_error
    rescue ::Vault::HTTPServerError => server_error
      decryption_failed! if server_error.message.include?("message authentication failed")
      raise server_error
    rescue Encoding::UndefinedConversionError
      decryption_failed!
    end

  encoded_plaintext = result.data[:plaintext]
  Base64.decode64(encoded_plaintext)
end
encrypt(plaintext, context: nil)
# File lib/kms_encrypted/clients/vault.rb, line 4
# Encrypts +plaintext+ through Vault's transit engine and returns the
# ciphertext string from the response.
#
# The plaintext is Base64-encoded (Base64.encode64, which inserts line
# feeds into its output) and written to "transit/encrypt/<key>", where <key>
# is +key_id+ with the first "vault/" occurrence removed. A truthy +context+
# is encoded by +generate_context+ and sent as the :context option.
# NOTE(review): in Vault's transit engine `context` is the key-derivation
# context, so the same value presumably has to be supplied to #decrypt;
# confirm against the key's configuration.
#
# No errors are rescued here; anything raised by the Vault client
# propagates to the caller.
#
# @param plaintext [String] data to encrypt
# @param context [Object, nil] optional encryption context
# @return [String] value of response.data[:ciphertext]
def encrypt(plaintext, context: nil)
  payload = { plaintext: Base64.encode64(plaintext) }
  payload[:context] = generate_context(context) if context

  transit = KmsEncrypted.vault_client.logical
  endpoint = "transit/encrypt/#{key_id.sub("vault/", "")}"
  result = transit.write(endpoint, payload)

  result.data[:ciphertext]
end

Private Instance Methods

generate_context(context)

Turns the context hash into JSON (via `super`), then Base64-encodes the result.

# File lib/kms_encrypted/clients/vault.rb, line 46
# Base64-encodes the context produced by the parent implementation.
#
# `super` is called with the same argument; the parent method is not part
# of this listing (the page describes it as turning the hash into JSON).
# Base64.encode64 inserts line feeds into its output.
#
# @param context [Object] encryption context handed to the parent method
# @return [String] Base64 text of the parent's result
def generate_context(context)
  serialized = super
  Base64.encode64(serialized)
end