class CredStash::Secret
Attributes
encrypted_value[R]
hmac[R]
key[R]
name[R]
value[R]
Public Class Methods
find(name, context: {})
click to toggle source
# File lib/cred_stash/secret.rb, line 32 def find(name, context: {}) item = repository.get(name) new( name: name, key: CredStash::CipherKey.decrypt(Base64.decode64(item.key), context: context), encrypted_value: Base64.decode64(item.contents), hmac: item.hmac ) end
new(name:, value: nil, key: nil, encrypted_value: nil, hmac: nil, context: {})
click to toggle source
# File lib/cred_stash/secret.rb, line 4 def initialize(name:, value: nil, key: nil, encrypted_value: nil, hmac: nil, context: {}) @name = name @value = value @key = key @encrypted_value = encrypted_value @hmac = hmac @context = context end
repository()
click to toggle source
# File lib/cred_stash/secret.rb, line 42 def repository CredStash::Repository.instance end
Public Instance Methods
decrypted_value()
click to toggle source
# File lib/cred_stash/secret.rb, line 27 def decrypted_value @key.decrypt(@encrypted_value) end
encrypt!(kms_key_id: nil)
click to toggle source
# File lib/cred_stash/secret.rb, line 13 def encrypt!(kms_key_id: nil) @key = CredStash::CipherKey.generate(kms_key_id: kms_key_id, context: @context) @encrypted_value = @key.encrypt(@value) @hmac = @key.hmac(@encrypted_value) end
falsified?()
click to toggle source
# File lib/cred_stash/secret.rb, line 23 def falsified? @key.hmac(@encrypted_value) == @hmac end
save()
click to toggle source
# File lib/cred_stash/secret.rb, line 19 def save self.class.repository.put(to_item) end
Private Instance Methods
current_version()
click to toggle source
# File lib/cred_stash/secret.rb, line 60 def current_version item = CredStash::Repository.instance.select(name, pluck: 'version', limit: 1).first if item item.version.to_i else 0 end end
to_item()
click to toggle source
# File lib/cred_stash/secret.rb, line 50 def to_item CredStash::Repository::Item.new( name: name, version: "%019d" % (current_version + 1), key: Base64.encode64(key.wrapped_key), contents: Base64.encode64(encrypted_value), hmac: hmac ) end