class Sekrat::Manager

A secret manager that coordinates both storage and encryption

Attributes

crypter[R]

@return [Sekrat::Crypter::Base] the manager's crypter

warehouse[R]

@return [Sekrat::Warehouse::Base] the manager's warehouse

Public Class Methods

new(warehouse:, crypter:)

Initialize a new manager

@param warehouse: [Sekrat::Warehouse::Base] the warehouse to use for secret storage

@param crypter: [Sekrat::Crypter::Base] the crypter to use for encrypting and decrypting secrets

# File lib/sekrat/manager.rb, line 19
def initialize(warehouse:, crypter:)
  @warehouse = warehouse
  @crypter = crypter
end

Public Instance Methods

get(id, key)

Given a secret ID and an encryption key, retrieve the decrypted secret

@param id [String] the ID of the secret to retrieve

@param key [String] the key to use to decrypt the secret

@return [String] the decrypted secret

@raise [Sekrat::DecryptFailure] if there is a problem decrypting the secret

@raise [Sekrat::NotFound] if the requested secret is not known

@raise [Sekrat::Error] if any other problem comes up

# File lib/sekrat/manager.rb, line 62
def get(id, key)
  begin
    crypter.decrypt(
      key,
      warehouse.retrieve(id)
    )
  rescue DecryptFailure
    raise DecryptFailure.new("could not decrypt '#{id}'")
  rescue NotFound
    raise NotFound.new("could not retrieve '#{id}'")
  rescue => error
    raise Error.new(
      "an unknown error (#{error}) occurred trying to load '#{id}'"
    )
  end
end

ids()

Get the IDs that the manager knows about

@return [Array<String>] the list of secret IDs

# File lib/sekrat/manager.rb, line 26
def ids
  warehouse.ids
end

put(id, key, data)

Given a secret id, an encryption key, and some data, encrypt the data and store it, indexed by ID

@param id [String] the ID for the secret

@param key [String] the key to use for encrypting the data

@param data [String] the data to save

@return [String] the original data

@raise [Sekrat::EncryptFailure] if there is a problem with encrypting the data

@raise [Sekrat::StorageFailure] if there is a problem storing the secret

@raise [Sekrat::Error] if any other problem comes up

# File lib/sekrat/manager.rb, line 40
def put(id, key, data)
  begin
    data.tap {|data| warehouse.store(id, crypter.encrypt(key, data))}
  rescue EncryptFailure
    raise EncryptFailure.new("could not encrypt '#{id}'")
  rescue StorageFailure
    raise StorageFailure.new("could not store '#{id}'")
  rescue => error
    raise Error.new(
      "an unknown error (#{error}) occurred trying to save '#{id}'"
    )
  end
end
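
A crypter that answers the encrypt(key, data) and decrypt(key, data) calls made by put and get above, as an added example (not code from the sekrat gem). The SekratSketch module, the GcmCrypter class, the stand-in DecryptFailure, the PBKDF2 parameters and the blob layout are assumptions of this example; because AES-256-GCM is authenticated, a wrong key or a modified blob raises instead of returning garbage, which is the case get reports as a DecryptFailure.

```ruby
require 'openssl'

module SekratSketch # hypothetical namespace, not part of the sekrat gem
  # Constructed stand-in for Sekrat::DecryptFailure so the block runs alone.
  class DecryptFailure < StandardError; end

  # AES-256-GCM crypter. Blob layout (an assumption of this example):
  # salt (16 bytes) | iv (12) | auth tag (16) | ciphertext
  class GcmCrypter
    HEADER = 16 + 12 + 16

    def encrypt(key, data)
      cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
      salt = OpenSSL::Random.random_bytes(16)
      cipher.key = derive(key, salt)
      iv = cipher.random_iv # fresh nonce for every secret
      ciphertext = run(cipher, data)
      salt + iv + cipher.auth_tag + ciphertext
    end

    def decrypt(key, blob)
      raise DecryptFailure, 'blob too short' if blob.bytesize < HEADER
      salt, iv, tag, ciphertext = blob.unpack('a16a12a16a*')
      cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
      cipher.key = derive(key, salt)
      cipher.iv = iv
      cipher.auth_tag = tag
      run(cipher, ciphertext) # final raises if the tag does not verify
    rescue OpenSSL::Cipher::CipherError
      raise DecryptFailure, 'wrong key or modified ciphertext'
    end

    private

    # Stretch the String key the manager passes in into a 32-byte AES key.
    def derive(key, salt)
      digest = OpenSSL::Digest.new('SHA256')
      OpenSSL::PKCS5.pbkdf2_hmac(key, salt, 100_000, 32, digest)
    end

    # Some versions of Cipher#update reject an empty string, so skip it then.
    def run(cipher, data)
      (data.empty? ? ''.b : cipher.update(data)) + cipher.final
    end
  end
end
```

A crypter meant for the real manager would raise Sekrat::DecryptFailure and meet whatever Sekrat::Crypter::Base requires, which this page does not show.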