class Mongo::Crypt::KMS::Credentials

KMS Credentials object contains credentials for using KMS providers.

@api private

Attributes

aws[R]

@return [ Credentials::AWS | nil ] AWS KMS credentials.

azure[R]

@return [ Credentials::Azure | nil ] Azure KMS credentials.

gcp[R]

@return [ Credentials::GCP | nil ] GCP KMS credentials.

kmip[R]

@return [ Credentials::KMIP | nil ] KMIP KMS credentials.

local[R]

@return [ Credentials::Local | nil ] Local KMS credentials.

Public Class Methods

new(kms_providers) click to toggle source

Creates a KMS credentials object form a parameters hash.

@param [ Hash ] kms_providers A hash that contains credential for

KMS providers. The hash should have KMS provider names as keys,
and required parameters for every provider as values.
Required parameters for KMS providers are described in corresponding
classes inside Mongo::Crypt::KMS module.

@note There may be more than one KMS provider specified.

@raise [ ArgumentError ] If required options are missing or incorrectly

formatted.
# File lib/mongo/crypt/kms/credentials.rb, line 53
def initialize(kms_providers)
  if kms_providers.nil?
    raise ArgumentError.new("KMS providers options must not be nil")
  end
  if kms_providers.key?(:aws)
    @aws = AWS::Credentials.new(kms_providers[:aws])
  end
  if kms_providers.key?(:azure)
    @azure = Azure::Credentials.new(kms_providers[:azure])
  end
  if kms_providers.key?(:gcp)
    @gcp = GCP::Credentials.new(kms_providers[:gcp])
  end
  if kms_providers.key?(:kmip)
    @kmip = KMIP::Credentials.new(kms_providers[:kmip])
  end
  if kms_providers.key?(:local)
    @local = Local::Credentials.new(kms_providers[:local])
  end
  if @aws.nil? && @azure.nil? && @gcp.nil? && @kmip.nil? && @local.nil?
    raise ArgumentError.new(
      "KMS providers options must have one of the following keys: " +
      ":aws, :azure, :gcp, :kmip, :local"
    )
  end
end

Public Instance Methods

to_document() click to toggle source

Convert credentials object to a BSON document in libmongocrypt format.

@return [ BSON::Document ] Credentials as BSON document.

# File lib/mongo/crypt/kms/credentials.rb, line 83
def to_document
  BSON::Document.new.tap do |bson|
    bson[:aws] = @aws.to_document if @aws
    bson[:azure] = @azure.to_document if @azure
    bson[:gcp] = @gcp.to_document if @gcp
    bson[:kmip] = @kmip.to_document if @kmip
    bson[:local] = @local.to_document if @local
  end
end