class Envault::Cryptor::Kms

Public Class Methods

new(profile) click to toggle source
# File lib/envault/cryptor/kms.rb, line 4
def initialize(profile)
  require 'aws-sdk'
  options = {}
  options[:region] = profile[:region] if profile[:region]
  options[:access_key_id] = profile[:aws_access_key_id] if profile[:aws_access_key_id]
  options[:secret_access_key] = profile[:aws_secret_access_key] if profile[:aws_secret_access_key]
  @client = Aws::KMS::Client.new(options)
  @key_id = profile[:key_id]
end

Public Instance Methods

decrypt(value) click to toggle source
# File lib/envault/cryptor/kms.rb, line 19
def decrypt(value)
  resp = @client.decrypt(ciphertext_blob: Base64.strict_decode64(value))
  resp.plaintext
end
encrypt(value) click to toggle source
# File lib/envault/cryptor/kms.rb, line 14
def encrypt(value)
  resp = @client.encrypt(key_id: @key_id, plaintext: value)
  Base64.strict_encode64(resp.ciphertext_blob)
end