class CredStash::Secret

Attributes

encrypted_value[R]
hmac[R]
key[R]
name[R]
value[R]

Public Class Methods

find(name, context: {}) click to toggle source
# File lib/cred_stash/secret.rb, line 32
def find(name, context: {})
  item = repository.get(name)
  new(
    name: name,
    key: CredStash::CipherKey.decrypt(Base64.decode64(item.key), context: context),
    encrypted_value: Base64.decode64(item.contents),
    hmac: item.hmac
  )
end
new(name:, value: nil, key: nil, encrypted_value: nil, hmac: nil, context: {}) click to toggle source
# File lib/cred_stash/secret.rb, line 4
def initialize(name:, value: nil, key: nil, encrypted_value: nil, hmac: nil, context: {})
  @name = name
  @value = value
  @key = key
  @encrypted_value = encrypted_value
  @hmac = hmac
  @context = context
end
repository() click to toggle source
# File lib/cred_stash/secret.rb, line 42
def repository
  CredStash::Repository.instance
end

Public Instance Methods

decrypted_value() click to toggle source
# File lib/cred_stash/secret.rb, line 27
def decrypted_value
  @key.decrypt(@encrypted_value)
end
encrypt!(kms_key_id: nil) click to toggle source
# File lib/cred_stash/secret.rb, line 13
def encrypt!(kms_key_id: nil)
  @key = CredStash::CipherKey.generate(kms_key_id: kms_key_id, context: @context)
  @encrypted_value = @key.encrypt(@value)
  @hmac = @key.hmac(@encrypted_value)
end
falsified?() click to toggle source
# File lib/cred_stash/secret.rb, line 23
def falsified?
  @key.hmac(@encrypted_value) == @hmac
end
save() click to toggle source
# File lib/cred_stash/secret.rb, line 19
def save
  self.class.repository.put(to_item)
end

Private Instance Methods

current_version() click to toggle source
# File lib/cred_stash/secret.rb, line 60
def current_version
  item = CredStash::Repository.instance.select(name, pluck: 'version', limit: 1).first
  if item
    item.version.to_i
  else
    0
  end
end
to_item() click to toggle source
# File lib/cred_stash/secret.rb, line 50
def to_item
  CredStash::Repository::Item.new(
    name: name,
    version: "%019d" % (current_version + 1),
    key: Base64.encode64(key.wrapped_key),
    contents: Base64.encode64(encrypted_value),
    hmac: hmac
  )
end