class YamlVault::Main::ValueCryptor::GCPKMS

Public Class Methods

new(resource_id, credential_file) click to toggle source
# File lib/yaml_vault.rb, line 151
def initialize(resource_id, credential_file)
  raise "Need key resource id" unless resource_id
  begin
    require 'googleauth'
    require 'google/apis/cloudkms_v1'
  rescue LoadError
    puts "Please install google-api-client (>= 0.11.0)"
    exit 1
  end

  scope = [
    'https://www.googleapis.com/auth/cloud-platform'
  ]

  @resource_id = resource_id
  @client = Google::Apis::CloudkmsV1::CloudKMSService.new
  if credential_file
    @client.authorization = Google::Auth::DefaultCredentials.make_creds(
      json_key_io: File.open(credential_file),
      scope: scope
    )
  else
    @client.authorization = Google::Auth.get_application_default(scope)
  end
end

Public Instance Methods

decrypt(value) click to toggle source
# File lib/yaml_vault.rb, line 182
def decrypt(value)
  response = @client.decrypt_crypto_key(@resource_id, {ciphertext: Base64.strict_decode64(value)}, {})
  YAML.load(response.plaintext)
end
encrypt(value) click to toggle source
# File lib/yaml_vault.rb, line 177
def encrypt(value)
  response = @client.encrypt_crypto_key(@resource_id, {plaintext: YAML.dump(value)}, {})
  Base64.strict_encode64(response.ciphertext)
end