class Portunus::Rotators::Kek
Attributes
data_encryption_key[R]
unencrypted_dek[R]
Public Class Methods
for(data_encryption_key)
click to toggle source
# File lib/portunus/rotators/kek.rb, line 4 def self.for(data_encryption_key) new(data_encryption_key).rotate end
new(data_encryption_key)
click to toggle source
# File lib/portunus/rotators/kek.rb, line 8 def initialize(data_encryption_key) @data_encryption_key = data_encryption_key @unencrypted_dek = data_encryption_key.key end
Public Instance Methods
rotate()
click to toggle source
# File lib/portunus/rotators/kek.rb, line 13 def rotate data_encryption_key.master_keyname = new_master_key_name data_encryption_key.encrypted_key = encrypted_dek_with_new_master data_encryption_key.last_kek_rotation = DateTime.now data_encryption_key.save! end
Private Instance Methods
encrypted_dek_with_new_master()
click to toggle source
# File lib/portunus/rotators/kek.rb, line 24 def encrypted_dek_with_new_master Portunus.configuration.encrypter.encrypt( key: new_master_key.value, value: unencrypted_dek ) end
master_keys()
click to toggle source
# File lib/portunus/rotators/kek.rb, line 41 def master_keys Portunus.configuration.storage_adaptor.list end
new_master_key()
click to toggle source
# File lib/portunus/rotators/kek.rb, line 31 def new_master_key @_new_master_key ||= ::Portunus.configuration.storage_adaptor.lookup( new_master_key_name.to_sym ) end
new_master_key_name()
click to toggle source
# File lib/portunus/rotators/kek.rb, line 45 def new_master_key_name @_new_master_key_name ||= (master_keys - wrapped_current_master_key). sample end
wrapped_current_master_key()
click to toggle source
# File lib/portunus/rotators/kek.rb, line 37 def wrapped_current_master_key [data_encryption_key.master_keyname.to_sym] end