class Mongo::Crypt::KMS::AWS::Credentials

AWS KMS Credentials object contains credentials for using AWS KMS provider.

@api private

Constants

FORMAT_HINT

Attributes

access_key_id[R]

@return [ String ] AWS access key.

secret_access_key[R]

@return [ String ] AWS secret access key.

session_token[R]

@return [ String | nil ] AWS session token.

Public Class Methods

new(opts) click to toggle source

Creates an AWS KMS credentials object form a parameters hash.

@param [ Hash ] opts A hash that contains credentials for

AWS KMS provider

@option opts [ String ] :access_key_id AWS access key id. @option opts [ String ] :secret_access_key AWS secret access key. @option opts [ String | nil ] :session_token AWS session token, optional.

@raise [ ArgumentError ] If required options are missing or incorrectly

formatted.
# File lib/mongo/crypt/kms/aws/credentials.rb, line 55
def initialize(opts)
  @opts = opts
  unless empty?
    @access_key_id = validate_param(:access_key_id, opts, FORMAT_HINT)
    @secret_access_key = validate_param(:secret_access_key, opts, FORMAT_HINT)
    @session_token = validate_param(:session_token, opts, FORMAT_HINT, required: false)
  end
end

Public Instance Methods

to_document() click to toggle source

Convert credentials object to a BSON document in libmongocrypt format.

@return [ BSON::Document ] AWS KMS credentials in libmongocrypt format.

# File lib/mongo/crypt/kms/aws/credentials.rb, line 67
def to_document
  return BSON::Document.new if empty?
  BSON::Document.new({
    accessKeyId: access_key_id,
    secretAccessKey: secret_access_key,
  }).tap do |bson|
    unless session_token.nil?
      bson.update({ sessionToken: session_token })
    end
  end
end