chamber 2.13.1 → 2.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (49) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data.tar.gz.sig +0 -0
  4. data/README.md +101 -26
  5. data/lib/chamber.rb +72 -10
  6. data/lib/chamber/adapters/cloud/circle_ci.rb +16 -13
  7. data/lib/chamber/adapters/cloud/heroku.rb +40 -13
  8. data/lib/chamber/binary/circle_ci.rb +25 -12
  9. data/lib/chamber/binary/heroku.rb +31 -12
  10. data/lib/chamber/binary/runner.rb +37 -27
  11. data/lib/chamber/binary/travis.rb +5 -3
  12. data/lib/chamber/commands/base.rb +10 -16
  13. data/lib/chamber/commands/cloud/base.rb +3 -3
  14. data/lib/chamber/commands/cloud/pull.rb +2 -2
  15. data/lib/chamber/commands/cloud/push.rb +7 -7
  16. data/lib/chamber/commands/comparable.rb +2 -2
  17. data/lib/chamber/commands/compare.rb +6 -9
  18. data/lib/chamber/commands/initialize.rb +26 -22
  19. data/lib/chamber/commands/securable.rb +9 -9
  20. data/lib/chamber/commands/secure.rb +2 -2
  21. data/lib/chamber/commands/show.rb +8 -8
  22. data/lib/chamber/commands/sign.rb +2 -2
  23. data/lib/chamber/commands/verify.rb +2 -2
  24. data/lib/chamber/configuration.rb +6 -3
  25. data/lib/chamber/context_resolver.rb +8 -7
  26. data/lib/chamber/encryption_methods/ssl.rb +12 -12
  27. data/lib/chamber/file.rb +16 -14
  28. data/lib/chamber/file_set.rb +18 -8
  29. data/lib/chamber/files/signature.rb +16 -14
  30. data/lib/chamber/filters/decryption_filter.rb +12 -10
  31. data/lib/chamber/filters/encryption_filter.rb +8 -8
  32. data/lib/chamber/filters/environment_filter.rb +12 -14
  33. data/lib/chamber/filters/failed_decryption_filter.rb +6 -6
  34. data/lib/chamber/filters/insecure_filter.rb +3 -3
  35. data/lib/chamber/filters/namespace_filter.rb +5 -5
  36. data/lib/chamber/filters/secure_filter.rb +5 -5
  37. data/lib/chamber/filters/translate_secure_keys_filter.rb +5 -5
  38. data/lib/chamber/instance.rb +37 -21
  39. data/lib/chamber/key_pair.rb +7 -7
  40. data/lib/chamber/keys/base.rb +13 -13
  41. data/lib/chamber/keys/decryption.rb +3 -3
  42. data/lib/chamber/keys/encryption.rb +3 -3
  43. data/lib/chamber/namespace_set.rb +2 -4
  44. data/lib/chamber/settings.rb +45 -43
  45. data/lib/chamber/types/secured.rb +8 -10
  46. data/lib/chamber/version.rb +1 -1
  47. data/templates/settings.yml +2 -0
  48. metadata +24 -26
  49. metadata.gz.sig +0 -0
@@ -10,8 +10,8 @@ require 'chamber/encryption_methods/none'
10
10
  module Chamber
11
11
  module Filters
12
12
  class EncryptionFilter
13
- BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9\+\/]{342}==\z}.freeze
14
- BASE64_SUBSTRING_PATTERN = %r{[A-Za-z0-9\+\/#]*\={0,2}}.freeze
13
+ BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
14
+ BASE64_SUBSTRING_PATTERN = %r{[A-Za-z0-9+/#]*={0,2}}.freeze
15
15
  LARGE_DATA_STRING_PATTERN = /
16
16
  \A
17
17
  (#{BASE64_SUBSTRING_PATTERN})
@@ -26,14 +26,14 @@ class EncryptionFilter
26
26
  :secure_key_token
27
27
  attr_reader :encryption_keys
28
28
 
29
- def initialize(options = {})
30
- self.encryption_keys = options.fetch(:encryption_keys, {}) || {}
31
- self.data = options.fetch(:data).dup
32
- self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
29
+ def initialize(data:, secure_key_prefix:, encryption_keys: {}, **_args)
30
+ self.encryption_keys = encryption_keys || {}
31
+ self.data = data.dup
32
+ self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
33
33
  end
34
34
 
35
- def self.execute(options = {})
36
- new(options).__send__(:execute)
35
+ def self.execute(**args)
36
+ new(**args).__send__(:execute)
37
37
  end
38
38
 
39
39
  protected
@@ -88,16 +88,16 @@ class EnvironmentFilter
88
88
  # }
89
89
  #
90
90
  #
91
- def self.execute(options = {})
92
- new(options).__send__(:execute)
91
+ def self.execute(**args)
92
+ new(**args).__send__(:execute)
93
93
  end
94
94
 
95
95
  attr_accessor :data,
96
96
  :secure_key_token
97
97
 
98
- def initialize(options = {})
99
- self.data = options.fetch(:data)
100
- self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
98
+ def initialize(data:, secure_key_prefix:, **_args)
99
+ self.data = data
100
+ self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
101
101
  end
102
102
 
103
103
  protected
@@ -138,8 +138,7 @@ class EnvironmentFilter
138
138
  environment_hash
139
139
  end
140
140
 
141
- # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
142
- def convert_environment_value(environment_key, environment_value, settings_value)
141
+ def convert_environment_value(environment_key, environment_value, settings_value) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/AbcSize
143
142
  return settings_value unless environment_value
144
143
  return if %w{___nil___ ___null___}.include?(environment_value)
145
144
 
@@ -163,22 +162,21 @@ class EnvironmentFilter
163
162
  fail ArgumentError, "Invalid value for Array: #{environment_value}"
164
163
  end
165
164
  end
166
- when 'Integer'
165
+ when 'Fixnum', 'Integer'
167
166
  Integer(environment_value)
168
167
  else
169
168
  environment_value
170
169
  end
171
170
  rescue ArgumentError
172
- raise Chamber::Errors::EnvironmentConversion, <<~HEREDOC
173
- We attempted to convert '#{environment_key}' from '#{environment_value}' to a '#{settings_value.class.name}'.
171
+ raise Chamber::Errors::EnvironmentConversion, <<-HEREDOC
172
+ We attempted to convert '#{environment_key}' from '#{environment_value}' to a '#{settings_value.class.name}'.
174
173
 
175
- Unfortunately, this did not go as planned. Please either verify that your value is convertable
176
- or change the original YAML value to be something more generic (like a String).
174
+ Unfortunately, this did not go as planned. Please either verify that your value is convertable
175
+ or change the original YAML value to be something more generic (like a String).
177
176
 
178
- For more information, see https://github.com/thekompanee/chamber/wiki/Environment-Variable-Coercions
177
+ For more information, see https://github.com/thekompanee/chamber/wiki/Environment-Variable-Coercions
179
178
  HEREDOC
180
179
  end
181
- # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
182
180
  end
183
181
  end
184
182
  end
@@ -5,18 +5,18 @@ require 'chamber/errors/decryption_failure'
5
5
  module Chamber
6
6
  module Filters
7
7
  class FailedDecryptionFilter
8
- BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9\+/]{342}==\z}.freeze
8
+ BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
9
9
 
10
- def self.execute(options = {})
11
- new(options).__send__(:execute)
10
+ def self.execute(**args)
11
+ new(**args).__send__(:execute)
12
12
  end
13
13
 
14
14
  attr_accessor :data,
15
15
  :secure_key_token
16
16
 
17
- def initialize(options = {})
18
- self.data = options.fetch(:data).dup
19
- self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
17
+ def initialize(data:, secure_key_prefix:, **_args)
18
+ self.data = data.dup
19
+ self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
20
20
  end
21
21
 
22
22
  protected
@@ -6,8 +6,8 @@ require 'chamber/filters/secure_filter'
6
6
  module Chamber
7
7
  module Filters
8
8
  class InsecureFilter < SecureFilter
9
- BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9\+\/]{342}==\z}.freeze
10
- BASE64_SUBSTRING_PATTERN = %r{[A-Za-z0-9\+\/#]*\={0,2}}.freeze
9
+ BASE64_STRING_PATTERN = %r{\A[A-Za-z0-9+/]{342}==\z}.freeze
10
+ BASE64_SUBSTRING_PATTERN = %r{[A-Za-z0-9+/#]*={0,2}}.freeze
11
11
  LARGE_DATA_STRING_PATTERN = /
12
12
  \A
13
13
  (#{BASE64_SUBSTRING_PATTERN})
@@ -20,7 +20,7 @@ class InsecureFilter < SecureFilter
20
20
 
21
21
  protected
22
22
 
23
- def execute(raw_data = data)
23
+ def execute(raw_data = data) # rubocop:disable Metrics/CyclomaticComplexity
24
24
  securable_settings = super
25
25
  settings = Hashie::Mash.new
26
26
 
@@ -5,16 +5,16 @@ require 'hashie/mash'
5
5
  module Chamber
6
6
  module Filters
7
7
  class NamespaceFilter
8
- def self.execute(options = {})
9
- new(options).__send__(:execute)
8
+ def self.execute(**args)
9
+ new(**args).__send__(:execute)
10
10
  end
11
11
 
12
12
  attr_accessor :data,
13
13
  :namespaces
14
14
 
15
- def initialize(options = {})
16
- self.data = Hashie::Mash.new(options.fetch(:data))
17
- self.namespaces = options.fetch(:namespaces)
15
+ def initialize(data:, namespaces:, **_args)
16
+ self.data = Hashie::Mash.new(data)
17
+ self.namespaces = namespaces
18
18
  end
19
19
 
20
20
  protected
@@ -5,16 +5,16 @@ require 'hashie/mash'
5
5
  module Chamber
6
6
  module Filters
7
7
  class SecureFilter
8
- def self.execute(options = {})
9
- new(options).__send__(:execute)
8
+ def self.execute(**args)
9
+ new(**args).__send__(:execute)
10
10
  end
11
11
 
12
12
  attr_accessor :data,
13
13
  :secure_key_token
14
14
 
15
- def initialize(options = {})
16
- self.data = Hashie::Mash.new(options.fetch(:data))
17
- self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
15
+ def initialize(data:, secure_key_prefix:, **_args)
16
+ self.data = Hashie::Mash.new(data)
17
+ self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
18
18
  end
19
19
 
20
20
  protected
@@ -5,16 +5,16 @@ require 'hashie/mash'
5
5
  module Chamber
6
6
  module Filters
7
7
  class TranslateSecureKeysFilter
8
- def self.execute(options = {})
9
- new(options).__send__(:execute)
8
+ def self.execute(**args)
9
+ new(**args).__send__(:execute)
10
10
  end
11
11
 
12
12
  attr_accessor :data,
13
13
  :secure_key_token
14
14
 
15
- def initialize(options = {})
16
- self.data = options.fetch(:data).dup
17
- self.secure_key_token = /\A#{Regexp.escape(options.fetch(:secure_key_prefix))}/
15
+ def initialize(data:, secure_key_prefix:, **_args)
16
+ self.data = data.dup
17
+ self.secure_key_token = /\A#{Regexp.escape(secure_key_prefix)}/
18
18
  end
19
19
 
20
20
  protected
@@ -9,15 +9,19 @@ class Instance
9
9
  attr_accessor :configuration,
10
10
  :files
11
11
 
12
- def initialize(options = {})
13
- self.configuration = Configuration.new options
14
- self.files = FileSet.new configuration.to_hash
12
+ def initialize(**args)
13
+ self.configuration = Configuration.new(**args)
14
+ self.files = FileSet.new(**configuration.to_hash)
15
15
  end
16
16
 
17
17
  def settings
18
18
  @settings ||= files.to_settings { |settings| @settings = settings }
19
19
  end
20
20
 
21
+ def [](key)
22
+ settings.[](key)
23
+ end
24
+
21
25
  def filenames
22
26
  files.filenames
23
27
  end
@@ -34,26 +38,42 @@ class Instance
34
38
  files.verify
35
39
  end
36
40
 
37
- def encrypt(data, options = {})
38
- config = configuration.to_hash.merge(options)
41
+ def to_environment
42
+ settings.to_environment
43
+ end
44
+
45
+ def to_s(**args)
46
+ settings.to_s(**args)
47
+ end
48
+
49
+ def to_hash
50
+ settings.to_hash
51
+ end
52
+
53
+ def namespaces
54
+ settings.namespaces
55
+ end
39
56
 
40
- Settings.
41
- new(
42
- config.merge(
57
+ def encrypt(data, **args)
58
+ config = configuration.to_hash.merge(**args)
59
+
60
+ Settings
61
+ .new(
62
+ **config.merge(
43
63
  settings: data,
44
64
  pre_filters: [Filters::EncryptionFilter],
45
65
  post_filters: [],
46
66
  ),
47
- ).
48
- to_hash
67
+ )
68
+ .to_hash
49
69
  end
50
70
 
51
- def decrypt(data, options = {})
52
- config = configuration.to_hash.merge(options)
71
+ def decrypt(data, **args)
72
+ config = configuration.to_hash.merge(**args)
53
73
 
54
- Settings.
55
- new(
56
- config.merge(
74
+ Settings
75
+ .new(
76
+ **config.merge(
57
77
  settings: data,
58
78
  pre_filters: [Filters::NamespaceFilter],
59
79
  post_filters: [
@@ -61,12 +81,8 @@ class Instance
61
81
  Filters::FailedDecryptionFilter,
62
82
  ],
63
83
  ),
64
- ).
65
- to_hash
66
- end
67
-
68
- def to_s(options = {})
69
- settings.to_s(options)
84
+ )
85
+ .to_hash
70
86
  end
71
87
 
72
88
  def method_missing(name, *args)
@@ -9,10 +9,10 @@ class KeyPair
9
9
  :namespace,
10
10
  :passphrase
11
11
 
12
- def initialize(options = {})
13
- self.namespace = options[:namespace]
14
- self.passphrase = options.fetch(:passphrase, SecureRandom.uuid)
15
- self.key_file_path = Pathname.new(options.fetch(:key_file_path))
12
+ def initialize(key_file_path:, namespace: nil, passphrase: ::SecureRandom.uuid)
13
+ self.namespace = namespace
14
+ self.passphrase = passphrase
15
+ self.key_file_path = Pathname.new(key_file_path)
16
16
  end
17
17
 
18
18
  def encrypted_private_key_passphrase_filepath
@@ -78,9 +78,9 @@ class KeyPair
78
78
  @base_key_filename ||= [
79
79
  '.chamber',
80
80
  namespace ? namespace.tr('-.', '') : nil,
81
- ].
82
- compact.
83
- join('.')
81
+ ]
82
+ .compact
83
+ .join('.')
84
84
  end
85
85
  end
86
86
  end
@@ -3,18 +3,18 @@
3
3
  module Chamber
4
4
  module Keys
5
5
  class Base
6
- def self.resolve(*args)
7
- new(*args).resolve
6
+ def self.resolve(**args)
7
+ new(**args).resolve
8
8
  end
9
9
 
10
10
  attr_accessor :rootpath
11
11
  attr_reader :filenames,
12
12
  :namespaces
13
13
 
14
- def initialize(options = {})
15
- self.rootpath = Pathname.new(options.fetch(:rootpath))
16
- self.namespaces = options.fetch(:namespaces)
17
- self.filenames = options[:filenames]
14
+ def initialize(rootpath:, namespaces:, filenames: nil)
15
+ self.rootpath = Pathname.new(rootpath)
16
+ self.namespaces = namespaces
17
+ self.filenames = filenames
18
18
  end
19
19
 
20
20
  def resolve
@@ -41,9 +41,9 @@ class Base
41
41
 
42
42
  # rubocop:disable Performance/ChainArrayAllocation
43
43
  def filenames=(other)
44
- @filenames = Array(other).
45
- map { |o| Pathname.new(o) }.
46
- compact
44
+ @filenames = Array(other)
45
+ .map { |o| Pathname.new(o) }
46
+ .compact
47
47
  end
48
48
  # rubocop:enable Performance/ChainArrayAllocation
49
49
 
@@ -52,10 +52,10 @@ class Base
52
52
  end
53
53
 
54
54
  def namespace_from_path(path)
55
- path.
56
- basename.
57
- to_s.
58
- match(self.class::NAMESPACE_PATTERN) { |m| m[1].upcase }
55
+ path
56
+ .basename
57
+ .to_s
58
+ .match(self.class::NAMESPACE_PATTERN) { |m| m[1].upcase }
59
59
  end
60
60
 
61
61
  def namespace_to_key_path(namespace)
@@ -22,9 +22,9 @@ class Decryption < Chamber::Keys::Base
22
22
  'CHAMBER',
23
23
  namespace_from_path(path),
24
24
  'KEY',
25
- ].
26
- compact.
27
- join('_')
25
+ ]
26
+ .compact
27
+ .join('_')
28
28
  end
29
29
 
30
30
  def key_filename_extension
@@ -22,9 +22,9 @@ class Encryption < Chamber::Keys::Base
22
22
  'CHAMBER',
23
23
  namespace_from_path(path),
24
24
  'PUBLIC_KEY',
25
- ].
26
- compact.
27
- join('_')
25
+ ]
26
+ .compact
27
+ .join('_')
28
28
  end
29
29
 
30
30
  def key_filename_extension
@@ -71,10 +71,8 @@ class NamespaceSet
71
71
  # Internal: Iterates over each namespace value and allows it to be used in
72
72
  # a block.
73
73
  #
74
- def each
75
- namespaces.each do |namespace|
76
- yield namespace
77
- end
74
+ def each(&block)
75
+ namespaces.each(&block)
78
76
  end
79
77
 
80
78
  ###
@@ -16,29 +16,40 @@ require 'chamber/filters/failed_decryption_filter'
16
16
  #
17
17
  module Chamber
18
18
  class Settings
19
- attr_accessor :pre_filters,
20
- :post_filters,
19
+ attr_accessor :decryption_keys,
21
20
  :encryption_keys,
22
- :decryption_keys
21
+ :post_filters,
22
+ :pre_filters,
23
+ :secure_key_prefix
23
24
  attr_reader :namespaces
24
25
 
25
- # rubocop:disable Metrics/CyclomaticComplexity, Metrics/LineLength
26
- def initialize(options = {})
27
- self.namespaces = options[:namespaces] || []
28
- self.raw_data = options[:settings] || {}
29
- self.decryption_keys = options[:decryption_keys] || {}
30
- self.encryption_keys = options[:encryption_keys] || {}
31
- self.pre_filters = options[:pre_filters] || [
32
- Filters::NamespaceFilter,
33
- ]
34
- self.post_filters = options[:post_filters] || [
35
- Filters::DecryptionFilter,
36
- Filters::EnvironmentFilter,
37
- Filters::FailedDecryptionFilter,
38
- Filters::TranslateSecureKeysFilter,
39
- ]
26
+ # rubocop:disable Metrics/ParameterLists
27
+ def initialize(
28
+ decryption_keys: {},
29
+ encryption_keys: {},
30
+ namespaces: [],
31
+ pre_filters: [
32
+ Filters::NamespaceFilter,
33
+ ],
34
+ post_filters: [
35
+ Filters::DecryptionFilter,
36
+ Filters::EnvironmentFilter,
37
+ Filters::FailedDecryptionFilter,
38
+ Filters::TranslateSecureKeysFilter,
39
+ ],
40
+ secure_key_prefix: '_secure_',
41
+ settings: {},
42
+ **_args
43
+ )
44
+ self.decryption_keys = decryption_keys
45
+ self.encryption_keys = encryption_keys
46
+ self.namespaces = namespaces
47
+ self.post_filters = post_filters
48
+ self.pre_filters = pre_filters
49
+ self.raw_data = settings
50
+ self.secure_key_prefix = secure_key_prefix
40
51
  end
41
- # rubocop:enable Metrics/CyclomaticComplexity, Metrics/LineLength
52
+ # rubocop:enable Metrics/ParameterLists
42
53
 
43
54
  ###
44
55
  # Internal: Converts a Settings object into a hash that is compatible as an
@@ -79,15 +90,11 @@ class Settings
79
90
  # } ).to_s
80
91
  # # => 'MY_KEY="my value" MY_OTHER_KEY="my other value"'
81
92
  #
82
- def to_s(options = {})
83
- hierarchical_separator = options[:hierarchical_separator] || '_'
84
- pair_separator = options[:pair_separator] || ' '
85
- value_surrounder = options[:value_surrounder] || '"'
86
- name_value_separator = options[:name_value_separator] || '='
87
-
88
- concatenated_name_hash = to_concatenated_name_hash(hierarchical_separator)
89
-
90
- pairs = concatenated_name_hash.to_a.map do |key, value|
93
+ def to_s(hierarchical_separator: '_',
94
+ pair_separator: ' ',
95
+ value_surrounder: '"',
96
+ name_value_separator: '=')
97
+ pairs = to_concatenated_name_hash(hierarchical_separator).to_a.map do |key, value|
91
98
  "#{key.upcase}#{name_value_separator}#{value_surrounder}#{value}#{value_surrounder}"
92
99
  end
93
100
 
@@ -182,20 +189,21 @@ class Settings
182
189
  # Returns a new Settings object
183
190
  #
184
191
  def merge(other)
185
- other_settings = if other.is_a? Settings
192
+ other_settings = case other
193
+ when Settings
186
194
  other
187
- elsif other.is_a? Hash
195
+ when Hash
188
196
  Settings.new(settings: other)
189
197
  end
190
198
 
191
- # rubocop:disable Metrics/LineLength
199
+ # rubocop:disable Layout/LineLength
192
200
  Settings.new(
193
201
  encryption_keys: encryption_keys.any? ? encryption_keys : other_settings.encryption_keys,
194
202
  decryption_keys: decryption_keys.any? ? decryption_keys : other_settings.decryption_keys,
195
203
  namespaces: (namespaces + other_settings.namespaces),
196
204
  settings: raw_data.merge(other_settings.raw_data),
197
205
  )
198
- # rubocop:enable Metrics/LineLength
206
+ # rubocop:enable Layout/LineLength
199
207
  end
200
208
 
201
209
  ###
@@ -220,14 +228,14 @@ class Settings
220
228
  end
221
229
 
222
230
  def securable
223
- Settings.new(metadata.merge(
231
+ Settings.new(**metadata.merge(
224
232
  settings: raw_data,
225
233
  pre_filters: [Filters::SecureFilter],
226
234
  ))
227
235
  end
228
236
 
229
237
  def secure
230
- Settings.new(metadata.merge(
238
+ Settings.new(**metadata.merge(
231
239
  settings: raw_data,
232
240
  pre_filters: [Filters::EncryptionFilter],
233
241
  post_filters: [Filters::TranslateSecureKeysFilter],
@@ -235,7 +243,7 @@ class Settings
235
243
  end
236
244
 
237
245
  def insecure
238
- Settings.new(metadata.merge(
246
+ Settings.new(**metadata.merge(
239
247
  settings: raw_data,
240
248
  pre_filters: [Filters::InsecureFilter],
241
249
  post_filters: [Filters::TranslateSecureKeysFilter],
@@ -265,23 +273,17 @@ class Settings
265
273
  # rubocop:disable Naming/MemoizedInstanceVariableName
266
274
  def raw_data
267
275
  @filtered_raw_data ||= pre_filters.inject(@raw_data) do |filtered_data, filter|
268
- filter.execute({ data: filtered_data }.
269
- merge(metadata))
276
+ filter.execute(**{ data: filtered_data }.merge(metadata))
270
277
  end
271
278
  end
272
279
  # rubocop:enable Naming/MemoizedInstanceVariableName
273
280
 
274
281
  def data
275
282
  @data ||= post_filters.inject(raw_data) do |filtered_data, filter|
276
- filter.execute({ data: filtered_data }.
277
- merge(metadata))
283
+ filter.execute(**{ data: filtered_data }.merge(metadata))
278
284
  end
279
285
  end
280
286
 
281
- def secure_key_prefix
282
- '_secure_'
283
- end
284
-
285
287
  def metadata
286
288
  {
287
289
  decryption_keys: decryption_keys,