class Portunus::Rotators::Dek

Attributes

data_encryption_key[R]

Public Class Methods

for(data_encryption_key)
# File lib/portunus/rotators/dek.rb, line 4
# Convenience entry point: builds a rotator for the given data encryption key
# (DEK) and runs the rotation immediately.
#
# @param data_encryption_key [Object] the DEK record to rotate
# @return [true] whatever #rotate returns (it returns true on success)
# @raise [::Portunus::Error] propagated from #rotate when the rotation fails
def self.for(data_encryption_key)
  rotator = new(data_encryption_key)
  rotator.rotate
end
new(data_encryption_key)
# File lib/portunus/rotators/dek.rb, line 8
# Stores the data encryption key (DEK) record this rotator will operate on.
# Nothing is read, generated or persisted here; all work happens in #rotate.
#
# @param data_encryption_key [Object] the DEK record to rotate
def initialize(data_encryption_key)
  @data_encryption_key = data_encryption_key
end

Public Instance Methods

rotate()
# File lib/portunus/rotators/dek.rb, line 12
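# Rotates the data encryption key (DEK): reads the current value of every
# encrypted field on the owning record, replaces the stored (master-key
# wrapped) DEK with a freshly generated one, writes the field values back
# through their setters and saves the record.
#
# A DEK whose encryptable no longer exists is destroyed instead of rotated.
#
# The persistence calls inside the transaction use the raising variants
# (+update!+ / +save!+). The non-raising +update+ / +save+ return false on a
# failed write, which would let the transaction commit a half-finished
# rotation: the wrapped key replaced while the record was never re-saved, or
# +last_dek_rotation+ stamped although the key was not replaced.
# NOTE(review): this assumes both objects are ActiveRecord models, as their
# use with update/save/destroy inside ActiveRecord::Base.transaction suggests.
#
# @return [true] when the DEK was rotated or the orphaned DEK was removed
# @raise [::Portunus::Error] wrapping any StandardError raised on the way
def rotate
  encryptable = data_encryption_key.encryptable

  if encryptable.blank?
    Rails.logger.debug("Dek id: #{data_encryption_key.id} is missing it's encryptable... deleting")
    data_encryption_key.destroy
    return true
  end

  Rails.logger.debug(
    "Rotating Encryptable: #{encryptable.class}, id: #{encryptable.id}"
  )

  ActiveRecord::Base.transaction do
    # Snapshot the field values through their readers while the old key is
    # still in place. NOTE(review): these are presumably decrypted values held
    # in memory for the duration of the rotation; they are never logged here.
    encryptable.class.encrypted_fields_list.each do |field_name|
      field_value_map[field_name.to_sym] = encryptable.send(field_name.to_sym)
    end

    # Swap in the new wrapped key; raise (and roll back) if it is not stored.
    data_encryption_key.update!(encrypted_key: new_encrypted_key)
    encryptable.data_encryption_key.reload

    # Write the values back through the setters now that the record sees the
    # reloaded key.
    field_value_map.each do |field_name, value|
      encryptable.send("#{field_name}=".to_sym, value)
    end

    # A failed save must abort the whole rotation rather than leave the new
    # key committed next to field data that was not rewritten.
    encryptable.save!
    data_encryption_key.update!(last_dek_rotation: DateTime.now)
  end

  true
rescue StandardError => error
  # NOTE(review): full_message embeds the backtrace in the wrapped message;
  # confirm that is acceptable wherever Portunus::Error messages are logged.
  raise ::Portunus::Error, "Rotating DEK failed: #{error.full_message}"
end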

Private Instance Methods

encrypter()
# File lib/portunus/rotators/dek.rb, line 56
# The encrypter configured for Portunus. This class uses it to generate the
# new key and to wrap it with the master key.
#
# @return [Object] the value of ::Portunus.configuration.encrypter
def encrypter
  configuration = ::Portunus.configuration
  configuration.encrypter
end
field_value_map()
# File lib/portunus/rotators/dek.rb, line 60
# Per-instance scratch hash used by #rotate to carry field values across the
# key swap, keyed by field name. Created empty on first access and then reused.
#
# NOTE(review): the values placed here are presumably decrypted field
# contents, and they stay referenced for as long as this rotator instance
# lives; avoid logging or inspecting the rotator.
#
# @return [Hash] the memoized field-name => value map
def field_value_map
  @_field_value_map = {} unless @_field_value_map
  @_field_value_map
end
master_key()
# File lib/portunus/rotators/dek.rb, line 64
# Looks up the master key named on the DEK record through the configured
# storage adaptor. The result is not memoized, so every call performs a lookup.
#
# The returned object exposes the key material via +value+ (see
# #new_encrypted_key); treat it as a secret and keep it out of logs.
#
# @return [Object] whatever the storage adaptor's +lookup+ returns
def master_key
  adaptor = storage_adaptor
  adaptor.lookup(data_encryption_key.master_keyname)
end
new_encrypted_key()
# File lib/portunus/rotators/dek.rb, line 72
# Wraps the newly generated DEK with the master key so that only the wrapped
# form is written to the DEK record's +encrypted_key+ column.
#
# @return [Object] the encrypter's output for the new key under the master key
def new_encrypted_key
  cipher = encrypter
  wrapping_key = master_key.value
  cipher.encrypt(key: wrapping_key, value: new_plaintext_key)
end
new_plaintext_key()
# File lib/portunus/rotators/dek.rb, line 68
# The freshly generated, unwrapped DEK. Generated once per rotator instance
# and memoized, so repeated calls return the same key.
#
# The unwrapped key stays referenced by this instance for its lifetime; in the
# code shown it is only ever passed to the encrypter for wrapping and must not
# be logged or persisted as-is.
#
# @return [Object] the key produced by the encrypter's +generate_key+
def new_plaintext_key
  return @_new_plaintext_key if @_new_plaintext_key

  @_new_plaintext_key = encrypter.generate_key
end
storage_adaptor()
# File lib/portunus/rotators/dek.rb, line 52
# The storage adaptor configured for Portunus, used here to look up the
# master key by name.
#
# @return [Object] the value of ::Portunus.configuration.storage_adaptor
def storage_adaptor
  configuration = ::Portunus.configuration
  configuration.storage_adaptor
end