class SymmetricEncryption::Keystore::Environment

Stores the encrypted encryption key in an environment variable.

Attributes

encoding[RW]
key_env_var[RW]

Public Class Methods

generate_data_key(cipher_name:, app_name:, environment:, version: 0, dek: nil, **_args)

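Returns [Hash] a new keystore configuration after generating the data key. The hash carries the key encrypting key and its IV in the clear; the encrypted data key is not part of the hash and is printed by write instead.

Increments the supplied version number by 1, wrapping back to 1 once the supplied version reaches 255.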

# File lib/symmetric_encryption/keystore/environment.rb, line 10
def self.generate_data_key(cipher_name:, app_name:, environment:, version: 0, dek: nil, **_args)
  version >= 255 ? (version = 1) : (version += 1)

  kek = SymmetricEncryption::Key.new(cipher_name: cipher_name)
  dek ||= SymmetricEncryption::Key.new(cipher_name: cipher_name)

  key_env_var = "#{app_name}_#{environment}_v#{version}".upcase.tr("-", "_")
  new(key_env_var: key_env_var, key_encrypting_key: kek).write(dek.key)

  {
    keystore:           :environment,
    cipher_name:        dek.cipher_name,
    version:            version,
    key_env_var:        key_env_var,
    iv:                 dek.iv,
    key_encrypting_key: {
      key: kek.key,
      iv:  kek.iv
    }
  }
end

new(key_encrypting_key:, key_env_var:, encoding: :base64strict)

Stores the Encryption key in an environment variable. Secures the Encryption key by encrypting it with a key encrypting key.

# File lib/symmetric_encryption/keystore/environment.rb, line 34
def initialize(key_encrypting_key:, key_env_var:, encoding: :base64strict)
  @key_env_var        = key_env_var
  @key_encrypting_key = key_encrypting_key
  @encoding           = encoding
end

Public Instance Methods

read()

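Returns the Encryption key in the clear, after decoding the environment variable's value and decrypting it with the key encrypting key. Raises if the environment variable is not set.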

# File lib/symmetric_encryption/keystore/environment.rb, line 41
def read
  encrypted = ENV[key_env_var]
  raise "The Environment Variable #{key_env_var} must be set with the encrypted encryption key." unless encrypted

  binary = encoder.decode(encrypted)
  key_encrypting_key.decrypt(binary)
end

write(key)

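Encrypts the Encryption key with the key encrypting key and prints the `export` command for the environment variable to standard output. The environment variable itself is not set by this method.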

# File lib/symmetric_encryption/keystore/environment.rb, line 50
def write(key)
  encrypted_key = key_encrypting_key.encrypt(key)
  puts "\n\n********************************************************************************"
  puts "Set the environment variable as follows:"
  puts "  export #{key_env_var}=\"#{encoder.encode(encrypted_key)}\""
  puts "********************************************************************************"
end

Private Instance Methods

encoder()

Returns [SymmetricEncryption::Encoder] the encoder to use for the current encoding.

# File lib/symmetric_encryption/keystore/environment.rb, line 61
def encoder
  @encoder ||= SymmetricEncryption::Encoder[encoding]
end
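
The round trip that generate_data_key, write and read perform, as an added example that is not the gem's code: it uses Ruby's OpenSSL library directly in place of SymmetricEncryption::Key and a Hash in place of ENV. The module name `EnvKeystoreSketch`, the `aes-256-cbc` cipher and the `my-app` / `production` names are assumptions made for illustration.

```ruby
require "openssl"

# Added sketch, not the gem's code. CIPHER is an assumption; the class takes any cipher_name.
module EnvKeystoreSketch
  CIPHER = "aes-256-cbc"

  # Naming rule from generate_data_key: bump the version (255 wraps to 1), then
  # build APP_ENVIRONMENT_V<version>, upper-cased with "-" replaced by "_".
  def self.env_var_name(app_name, environment, version)
    version = version >= 255 ? 1 : version + 1
    ["#{app_name}_#{environment}_v#{version}".upcase.tr("-", "_"), version]
  end

  def self.crypt(mode, key, iv, data)
    cipher = OpenSSL::Cipher.new(CIPHER)
    mode == :encrypt ? cipher.encrypt : cipher.decrypt
    cipher.key = key
    cipher.iv  = iv
    cipher.update(data) + cipher.final
  end

  # The value write(key) prints: the DEK encrypted under the KEK, strict Base64.
  def self.wrap(dek, kek_key, kek_iv)
    [crypt(:encrypt, kek_key, kek_iv, dek)].pack("m0")
  end

  # The steps of read: fetch the variable, raise if it is unset, decode, decrypt.
  def self.unwrap(env, name, kek_key, kek_iv)
    encrypted = env[name]
    raise "The Environment Variable #{name} must be set with the encrypted encryption key." unless encrypted

    crypt(:decrypt, kek_key, kek_iv, encrypted.unpack1("m0"))
  end

  # Round trip with constructed keys and a Hash standing in for ENV.
  def self.demo
    source = OpenSSL::Cipher.new(CIPHER).encrypt
    kek_key = source.random_key
    kek_iv  = source.random_iv
    dek     = source.random_key
    name, version = env_var_name("my-app", "production", 0)
    env = { name => wrap(dek, kek_key, kek_iv) }
    { name: name, version: version,
      round_trip: unwrap(env, name, kek_key, kek_iv) == dek,
      stored_differs_from_dek: env[name].unpack1("m0") != dek }
  end
end

p EnvKeystoreSketch.demo if $PROGRAM_NAME == __FILE__
```

The Base64 value in the environment is only ciphertext; whoever holds both it and the `key_encrypting_key` entry of the configuration hash can recover the data key, so the two belong in separate stores.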