class ActiveKms::VaultKeyProvider

Private Instance Methods

decrypt(key_id, encrypted_data_key) click to toggle source
# File lib/active_kms/vault_key_provider.rb, line 13
def decrypt(key_id, encrypted_data_key)
  Base64.decode64(client.logical.write("transit/decrypt/#{key_id}", ciphertext: encrypted_data_key).data[:plaintext])
end
default_client() click to toggle source
# File lib/active_kms/vault_key_provider.rb, line 5
def default_client
  Vault::Client.new
end
encrypt(key_id, data_key) click to toggle source
# File lib/active_kms/vault_key_provider.rb, line 9
def encrypt(key_id, data_key)
  client.logical.write("transit/encrypt/#{key_id}", plaintext: Base64.encode64(data_key)).data[:ciphertext]
end
prefix() click to toggle source

could store entire key_id in key_id_header but prefer reference

# File lib/active_kms/vault_key_provider.rb, line 18
def prefix
  "vt"
end