class AttrVault::Secret
Internal: Encapsulates a secret key, a 32-byte sequence consisting
of an encryption and a signing key.
Public Class Methods
new(secret)
click to toggle source
Internal - Initialize a Secret
secret - the secret, optionally encoded with either standard or
URL safe variants of Base64 encoding
Raises AttrVault::Secret::InvalidSecret if it cannot be decoded or is
not of the expected length
# File lib/attr_vault/secret.rb, line 16 def initialize(secret) if secret.bytesize == 32 @secret = secret else begin @secret = Base64.urlsafe_decode64(secret) rescue ArgumentError @secret = Base64.decode64(secret) end unless @secret.bytesize == 32 raise InvalidSecret, "Secret must be 32 bytes, instead got #{@secret.bytesize}" end end end
Public Instance Methods
encryption_key()
click to toggle source
Internal: Returns the portion of the secret token used for encryption
# File lib/attr_vault/secret.rb, line 33 def encryption_key @secret.slice(16, 16) end
signing_key()
click to toggle source
Internal: Returns the portion of the secret token used for signing
# File lib/attr_vault/secret.rb, line 38 def signing_key @secret.slice(0, 16) end
to_s()
click to toggle source
Public: String representation of this secret, masks to avoid leaks.
# File lib/attr_vault/secret.rb, line 43 def to_s "<AttrVault::Secret [masked]>" end