class ActiveKms::VaultKeyProvider
Private Instance Methods
decrypt(key_id, encrypted_data_key)
click to toggle source
# File lib/active_kms/vault_key_provider.rb, line 13 def decrypt(key_id, encrypted_data_key) Base64.decode64(client.logical.write("transit/decrypt/#{key_id}", ciphertext: encrypted_data_key).data[:plaintext]) end
default_client()
click to toggle source
# File lib/active_kms/vault_key_provider.rb, line 5 def default_client Vault::Client.new end
encrypt(key_id, data_key)
click to toggle source
# File lib/active_kms/vault_key_provider.rb, line 9 def encrypt(key_id, data_key) client.logical.write("transit/encrypt/#{key_id}", plaintext: Base64.encode64(data_key)).data[:ciphertext] end
prefix()
click to toggle source
could store entire key_id in key_id_header but prefer reference
# File lib/active_kms/vault_key_provider.rb, line 18 def prefix "vt" end