class Portunus::Rotators::Kek

Attributes

data_encryption_key[R]
unencrypted_dek[R]

Public Class Methods

for(data_encryption_key)
# File lib/portunus/rotators/kek.rb, line 4
# Convenience entry point: builds a rotator for the given data encryption key
# (DEK) record and runs the rotation straight away.
#
# @param data_encryption_key the DEK record to re-wrap under another master key
# @return the value returned by +rotate+ (the result of +save!+ on the record)
def self.for(data_encryption_key)
  rotator = new(data_encryption_key)
  rotator.rotate
end
new(data_encryption_key)
# File lib/portunus/rotators/kek.rb, line 8
# Stores the DEK record and reads its plaintext key once, up front, before
# +rotate+ changes the record's master_keyname.
#
# NOTE(review): the plaintext DEK stays on this instance for as long as the
# rotator is alive and is exposed through a public reader. Keep rotator
# instances out of logs and error reports; the default #inspect prints
# instance variables.
#
# @param data_encryption_key the DEK record; must respond to +key+
#   (presumably returns the DEK decrypted with its current master key; confirm)
def initialize(data_encryption_key)
  @data_encryption_key = data_encryption_key
  @unencrypted_dek = @data_encryption_key.key
end

Public Instance Methods

rotate()
# File lib/portunus/rotators/kek.rb, line 13
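# Re-wraps the data encryption key (DEK) under a different master key and
# persists the change.
#
# The new master key name and the re-wrapped DEK are both computed before the
# record is touched. If key selection or encryption raises, the record keeps
# its current master_keyname / encrypted_key pair. A caller that rescues the
# error therefore cannot later save a record whose recorded master key differs
# from the key its DEK is actually wrapped with, which would make the data
# undecryptable.
#
# NOTE(review): if +save!+ itself raises, the in-memory record already carries
# the new values; reload it before reusing it.
#
# @return the result of +save!+ on the record
# @raise whatever key selection, the encrypter or +save!+ raise
def rotate
  next_master_name = new_master_key_name
  rewrapped_dek = encrypted_dek_with_new_master

  data_encryption_key.master_keyname = next_master_name
  data_encryption_key.encrypted_key = rewrapped_dek
  data_encryption_key.last_kek_rotation = DateTime.now
  data_encryption_key.save!
end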

Private Instance Methods

encrypted_dek_with_new_master()
# File lib/portunus/rotators/kek.rb, line 24
# Wraps the plaintext DEK with the value of the newly selected master key,
# using the encrypter from the Portunus configuration.
#
# @return the encrypter's output for the plaintext DEK under the new master key
def encrypted_dek_with_new_master
  encrypter = Portunus.configuration.encrypter
  encrypter.encrypt(key: new_master_key.value, value: unencrypted_dek)
end
master_keys()
# File lib/portunus/rotators/kek.rb, line 41
# Returns what the configured storage adaptor lists as available master keys.
#
# NOTE(review): +new_master_key_name+ subtracts an array of symbols from this
# result, so the adaptor presumably returns key names as symbols; confirm.
def master_keys
  adaptor = Portunus.configuration.storage_adaptor
  adaptor.list
end
new_master_key()
# File lib/portunus/rotators/kek.rb, line 31
# Looks up the newly selected master key in the configured storage adaptor.
# The result is memoized, so the adaptor is queried only once per rotator as
# long as the lookup returns a truthy value.
#
# @return the object returned by the adaptor's +lookup+; its +value+ is used
#   as the key-encryption key
def new_master_key
  @_new_master_key ||= begin
    adaptor = ::Portunus.configuration.storage_adaptor
    adaptor.lookup(new_master_key_name.to_sym)
  end
end
new_master_key_name()
# File lib/portunus/rotators/kek.rb, line 45
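# Picks, at random, the name of a master key other than the one currently
# wrapping the DEK, and memoizes the choice so the rest of the rotation uses
# the same key.
#
# If no other master key is configured the rotation cannot proceed. This
# raises a clear error instead of returning nil, which would otherwise be
# assigned to the record's master_keyname and then fail later with a
# NoMethodError on +nil.to_sym+.
#
# @return the selected master key name
# @raise [RuntimeError] when no master key other than the current one exists
def new_master_key_name
  @_new_master_key_name ||= begin
    candidates = master_keys - wrapped_current_master_key
    if candidates.empty?
      raise "No alternative master key is available for KEK rotation"
    end

    candidates.sample
  end
end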
wrapped_current_master_key()
# File lib/portunus/rotators/kek.rb, line 37
# Returns the record's current master key name, converted to a symbol and
# wrapped in a one-element array, so it can be subtracted from the list of
# available master keys.
#
# @return [Array<Symbol>] single-element array with the current key name
def wrapped_current_master_key
  current_name = data_encryption_key.master_keyname
  [current_name.to_sym]
end