class SymmetricEncryption::Keystore::Environment
Store the encrypted encryption key in an environment variable
Attributes
encoding[RW]
key_env_var[RW]
Public Class Methods
generate_data_key(cipher_name:, app_name:, environment:, version: 0, dek: nil, **_args)
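Returns [Hash] a new keystore configuration after generating the data key. The returned hash includes the key encrypting key (its key and iv) in the clear, so the resulting configuration needs restricted access and should be kept apart from the environment variable that holds the encrypted data key.
Increments the supplied version number by 1; a supplied version of 255 or higher wraps around to 1.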
# File lib/symmetric_encryption/keystore/environment.rb, line 10
#
# Generates a key encrypting key (KEK) and, unless one is supplied via `dek`,
# a data encryption key (DEK), then hands the DEK to a new keystore instance
# whose #write prints the `export` line for the encrypted DEK.
#
# Returns [Hash] the keystore configuration for the new key version.
#
# Security notes:
# * The returned hash carries the KEK (`key` and `iv`) in the clear. The
#   encrypted DEK printed by #write is only as safe as this hash is kept
#   private, so the two should not be stored side by side.
# * The version wraps from 255 back to 1, so a generated variable name can
#   repeat one used by a much older key version.
# * Only "-" is rewritten when the variable name is built; any other
#   character in app_name or environment is passed through unchanged.
def self.generate_data_key(cipher_name:, app_name:, environment:, version: 0, dek: nil, **_args)
  next_version = version >= 255 ? 1 : version + 1

  # The KEK is always freshly generated; the DEK is only generated when the
  # caller did not pass one in.
  wrapping_key = SymmetricEncryption::Key.new(cipher_name: cipher_name)
  dek ||= SymmetricEncryption::Key.new(cipher_name: cipher_name)

  env_var_name = "#{app_name}_#{environment}_v#{next_version}".upcase.tr("-", "_")

  keystore = new(key_env_var: env_var_name, key_encrypting_key: wrapping_key)
  keystore.write(dek.key)

  {
    keystore: :environment,
    cipher_name: dek.cipher_name,
    version: next_version,
    key_env_var: env_var_name,
    iv: dek.iv,
    key_encrypting_key: { key: wrapping_key.key, iv: wrapping_key.iv }
  }
end
new(key_encrypting_key:, key_env_var:, encoding: :base64strict)
Stores the Encryption key in an environment var. Secures the Encryption key by encrypting it with a key encryption key.
# File lib/symmetric_encryption/keystore/environment.rb, line 34
#
# Builds a keystore that keeps the encrypted data key in an environment
# variable.
#
# key_encrypting_key: object used by #read and #write to decrypt and encrypt
#                     the data key.
# key_env_var:        name of the environment variable holding the encrypted
#                     data key.
# encoding:           encoder name looked up by #encoder; defaults to
#                     :base64strict.
#
# No validation is performed here: the arguments are stored as given.
def initialize(key_encrypting_key:, key_env_var:, encoding: :base64strict)
  @key_encrypting_key = key_encrypting_key
  @key_env_var = key_env_var
  @encoding = encoding
end
Public Instance Methods
read()
Returns the Encryption key in the clear.
# File lib/symmetric_encryption/keystore/environment.rb, line 41
#
# Reads the encoded, encrypted data key from the environment variable named
# by key_env_var, decodes it and decrypts it with the key encrypting key.
#
# Returns the data key in the clear. The return value is raw key material and
# should not be logged or written anywhere.
#
# Raises RuntimeError when the environment variable is not set. A variable
# that is set but empty passes this check and is handed to the decoder.
def read
  encoded_key = ENV[key_env_var]
  if encoded_key.nil?
    raise "The Environment Variable #{key_env_var} must be set with the encrypted encryption key."
  end

  ciphertext = encoder.decode(encoded_key)
  key_encrypting_key.decrypt(ciphertext)
end
write(key)
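Write the encrypted Encryption key to `encrypted_key` attribute. Note: the source shown below does not assign any attribute; it encrypts the key with the key encrypting key and prints an `export` line for the environment variable to standard output.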
# File lib/symmetric_encryption/keystore/environment.rb, line 50
#
# Encrypts `key` with the key encrypting key and prints, to standard output,
# the `export` statement an operator should use to set the environment
# variable. Nothing is stored on the instance or in the process environment.
#
# Security note: the printed value is the data key encrypted under the key
# encrypting key, not the clear key. It still ends up wherever standard
# output goes (terminal scrollback, captured job output), so it is only
# protected as long as the key encrypting key is kept elsewhere.
def write(key)
  wrapped_key = key_encrypting_key.encrypt(key)
  rule = "********************************************************************************"

  puts "\n\n#{rule}"
  puts "Set the environment variable as follows:"
  puts " export #{key_env_var}=\"#{encoder.encode(wrapped_key)}\""
  puts rule
end
Private Instance Methods
encoder()
Returns [SymmetricEncryption::Encoder] the encoder to use for the current encoding.
# File lib/symmetric_encryption/keystore/environment.rb, line 61
#
# Returns [SymmetricEncryption::Encoder] the encoder for the current encoding.
#
# The lookup result is memoized in @encoder, so assigning a different
# `encoding` after the first call does not change the encoder used by #read
# and #write.
def encoder
  return @encoder if @encoder

  @encoder = SymmetricEncryption::Encoder[encoding]
end