class SymmetricEncryption::Keystore::Gcp

Constants

KMS

Attributes

app_name[R]
environment[R]

Public Class Methods

generate_data_key(cipher_name:, app_name:, environment:, key_path:, version: 0)
# File lib/symmetric_encryption/keystore/gcp.rb, line 8
# Creates a fresh data-encryption key, stores it through a new keystore
# instance, and returns the configuration entry describing it.
#
# The raw key material (`dek.key`) is handed to `write`, which runs it through
# `encrypt` before anything reaches the key file. The returned Hash carries the
# cipher name, version, file name, IV and KMS key path, but not the key itself.
#
# NOTE(review): once the version wraps from 255 back to 1 the generated file
# name for v1 is reused. Whether an existing file is preserved is decided by
# `write_encoded_to_file`, which is not shown here; confirm before rotating
# past 255.
#
# @param cipher_name [String] cipher passed to SymmetricEncryption::Key.new
# @param app_name [String] used in the key file name and given to the keystore
# @param environment [String] used in the key file name and given to the keystore
# @param key_path [String] directory prefix for the key file name
# @param version [Integer] current version; the new key gets the next one
# @return [Hash] keystore configuration for the new key
def self.generate_data_key(cipher_name:, app_name:, environment:, key_path:, version: 0)
  # Next version number; the counter restarts at 1 after reaching 255.
  version = version >= 255 ? 1 : version + 1

  data_key  = SymmetricEncryption::Key.new(cipher_name: cipher_name)
  key_file  = "#{key_path}/#{app_name}_#{environment}_v#{version}.encrypted_key"
  key_store = new(key_file: key_file, app_name: app_name, environment: environment)

  # Only the encrypted form of the key is persisted (see `write`).
  key_store.write(data_key.key)

  {
    keystore:    :gcp,
    cipher_name: data_key.cipher_name,
    version:     version,
    key_file:    key_file,
    iv:          data_key.iv,
    crypto_key:  key_store.crypto_key
  }
end
new(key_file:, app_name: nil, environment: nil, key_encrypting_key: nil, crypto_key: nil, project_id: nil, credentials: nil, location_id: nil)
# File lib/symmetric_encryption/keystore/gcp.rb, line 30
# Records the settings for one key file protected by GCP KMS.
#
# Nothing is validated or contacted here. `crypto_key`, `project_id`,
# `credentials` and `location_id` may be left nil; the reader methods of the
# same names fill them in on first use.
#
# `key_encrypting_key` is accepted but is not referenced in this method.
#
# @param key_file [String] stored as @file_name
# @param app_name [String, nil]
# @param environment [String, nil]
# @param key_encrypting_key [Object, nil] unused here
# @param crypto_key [String, nil]
# @param project_id [String, nil]
# @param credentials [Object, nil]
# @param location_id [String, nil]
def initialize(key_file:, app_name: nil, environment: nil, key_encrypting_key: nil, crypto_key: nil, project_id: nil, credentials: nil, location_id: nil)
  # Location of the stored data key.
  @file_name = key_file

  # Values that feed the KMS key path.
  @app_name, @environment     = app_name, environment
  @project_id, @location_id   = project_id, location_id
  @crypto_key                 = crypto_key

  # Handed to the KMS client when one is built.
  @credentials = credentials
end

Public Instance Methods

crypto_key()
# File lib/symmetric_encryption/keystore/gcp.rb, line 48
# Returns the KMS key path, building and caching it on first use.
#
# If a path was supplied to the constructor it is returned unchanged.
# Otherwise the path is built from project_id, location_id, app_name and
# environment (converted with to_s).
# NOTE(review): presumably app_name fills the key-ring slot and environment
# the key-name slot of crypto_key_path; confirm against the KMS client.
#
# @return [String] value of @crypto_key
def crypto_key
  return @crypto_key if @crypto_key

  kms_client_class = self.class::KMS::KeyManagementServiceClient
  @crypto_key = kms_client_class.crypto_key_path(project_id, location_id, app_name, environment.to_s)
end
read()
# File lib/symmetric_encryption/keystore/gcp.rb, line 40
# Loads the stored data key: the file content is read and decoded by
# `read_file_and_decode`, then passed through `decrypt`.
#
# @return [Object] whatever `decrypt` returns for the stored content
def read
  wrapped_key = read_file_and_decode(file_name)
  decrypt(wrapped_key)
end
write(data_key)
# File lib/symmetric_encryption/keystore/gcp.rb, line 44
# Stores a data key: the key is passed through `encrypt` and the result is
# given to `write_encoded_to_file` together with the key file name, so the
# raw key is never what gets handed to the file writer.
#
# @param data_key [String] raw data key to protect
# @return [Object] whatever `write_encoded_to_file` returns
def write(data_key)
  target      = file_name
  wrapped_key = encrypt(data_key)
  write_encoded_to_file(target, wrapped_key)
end

Private Instance Methods

client()
# File lib/symmetric_encryption/keystore/gcp.rb, line 67
# Builds a KMS client using the configured credentials.
#
# A new client object is constructed on every call; nothing is cached here.
# The timeout is fixed at 2 (presumably seconds; confirm against the client).
#
# @return [Object] a KeyManagementServiceClient instance
def client
  kms_client_class = self.class::KMS::KeyManagementServiceClient
  kms_client_class.new(timeout: 2, credentials: credentials)
end
credentials()
# File lib/symmetric_encryption/keystore/gcp.rb, line 78
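# Returns the credentials given to the KMS client, falling back to the
# GOOGLE_CLOUD_KEYFILE environment variable when none were passed to the
# constructor.
#
# A blank string (empty or whitespace only) is rejected in the same way as a
# missing value: an exported-but-empty variable would otherwise be passed to
# the client as its credentials and fail later with a less specific error.
# Non-string credential objects are returned untouched.
#
# @return [Object] the configured credentials
# @raise [RuntimeError] when no usable credentials are configured
def credentials
  @credentials ||= ENV["GOOGLE_CLOUD_KEYFILE"]

  missing = @credentials.nil? || (@credentials.is_a?(String) && @credentials.strip.empty?)
  raise "GOOGLE_CLOUD_KEYFILE must be set" if missing

  @credentials
end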
decrypt(ciphertext)
# File lib/symmetric_encryption/keystore/gcp.rb, line 63
# Sends the ciphertext to KMS for decryption under `crypto_key` and returns
# the `plaintext` field of the response.
#
# Only the key path and the ciphertext are passed; no additional
# authenticated data is supplied in this call.
#
# @param ciphertext [String] value previously produced by `encrypt`
# @return [Object] the response's plaintext
def decrypt(ciphertext)
  kms      = client
  response = kms.decrypt(crypto_key, ciphertext)
  response.plaintext
end
encrypt(plaintext)
# File lib/symmetric_encryption/keystore/gcp.rb, line 59
# Sends the plaintext to KMS for encryption under `crypto_key` and returns
# the `ciphertext` field of the response.
#
# Only the key path and the plaintext are passed; no additional
# authenticated data is supplied in this call.
#
# @param plaintext [String] raw value to protect (the data key, via `write`)
# @return [Object] the response's ciphertext
def encrypt(plaintext)
  kms      = client
  response = kms.encrypt(crypto_key, plaintext)
  response.ciphertext
end
location_id()
# File lib/symmetric_encryption/keystore/gcp.rb, line 85
# Returns the KMS location, resolving and caching it on first use.
#
# Order of precedence: value passed to the constructor, then the
# GOOGLE_CLOUD_LOCATION environment variable, then "global".
# An exported-but-empty variable is not treated as unset: the empty string
# is returned as-is.
#
# @return [String] the location identifier
def location_id
  return @location_id if @location_id

  @location_id = ENV.fetch("GOOGLE_CLOUD_LOCATION", "global")
end
project_id()
# File lib/symmetric_encryption/keystore/gcp.rb, line 71
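# Returns the GCP project id, falling back to the GOOGLE_CLOUD_PROJECT
# environment variable when none was passed to the constructor.
#
# A blank string (empty or whitespace only) is rejected in the same way as a
# missing value: it would otherwise be placed into the KMS key path built by
# `crypto_key` and only fail once a KMS request is made.
#
# @return [String] the project id
# @raise [RuntimeError] when no usable project id is configured
def project_id
  @project_id ||= ENV["GOOGLE_CLOUD_PROJECT"]

  missing = @project_id.nil? || (@project_id.is_a?(String) && @project_id.strip.empty?)
  raise "GOOGLE_CLOUD_PROJECT must be set" if missing

  @project_id
end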