RubyGems - kms_encrypted - Versions diffs - 1.2.4 → 1.3.0 - Mend

kms_encrypted 1.2.4 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/README.md +3 -9
data/lib/kms_encrypted/clients/google.rb +28 -11
data/lib/kms_encrypted/version.rb +1 -1
data/lib/kms_encrypted.rb +18 -9
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a409a4d0d4d5a3e0b6a334908ffbc80196f200b4159afced04e87c70e955c43a
-  data.tar.gz: 8c375ef8eb0103f395aaad213ce30c9cb6ed644a1dbcb2613111b70a14ef5d21
+  metadata.gz: 67d1e3fb931f190e380e35875f1c6346025ebbdd101cdef33ed028d57f2e1b9d
+  data.tar.gz: fe2286f23847db1ee9314cd505fb00478574682a6edd9c7e754e2ce231926e4c
 SHA512:
-  metadata.gz: ced745edbcf99f7d9938160e60b961f98b6c9ed11321605d187394d9518f53e1616e7ca50b43abe26b7861598d0ac02f0930d426e00c91f0ce6c3e53fadd5291
-  data.tar.gz: 83bf433d376ea6380353d65f457b12ec4aca028e6f9bbfca55d2e5f05ebb2da6e4509fa718b293715c092e48c87be683ccc954490161f81a87a10098b97e1c70
+  metadata.gz: 9c651b9fad6d49d6ae4d2a6006ac34d65f7d0f2072446f7cb622c1f48c2c050fc7d70fc6baa0c8883fbe86e34c0ce4e0a00e1b6907d6577209b3389dd94cbced
+  data.tar.gz: 21eeadd0dbb9ed008ca9d2feb34bd43b5dee9c0527aa56b3a1a8a318535ef4707f3690acf504af6091837ec52a81abf1041e7166ef3a2a110cfa35824adebcde

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,7 @@
+## 1.3.0 (2021-10-10)
+- Added support for `google-cloud-kms` gem
 ## 1.2.4 (2021-06-20)
 - Fixed another argument error with Google Cloud KMS and Ruby 3

data/README.md CHANGED Viewed

@@ -48,7 +48,7 @@ gem 'aws-sdk-kms'
 Create an [Amazon Web Services](https://aws.amazon.com/) account if you don’t have one. KMS works great whether or not you run your infrastructure on AWS.
-Create a [KMS master key](https://console.aws.amazon.com/iam/home#/encryptionKeys) and set it in your environment along with your AWS credentials ([dotenv](https://github.com/bkeepers/dotenv) is great for this)
+Create a [KMS master key](https://console.aws.amazon.com/kms/home#/kms/keys) and set it in your environment along with your AWS credentials ([dotenv](https://github.com/bkeepers/dotenv) is great for this)
 ```sh
 KMS_KEY_ID=arn:aws:kms:...
@@ -67,7 +67,7 @@ KMS_KEY_ID=alias/my-alias
 Add this line to your application’s Gemfile:
 ```ruby
-gem 'google-apis-cloudkms_v1'
+gem 'google-cloud-kms'
 ```
 Create a [Google Cloud Platform](https://cloud.google.com/) account if you don’t have one. KMS works great whether or not you run your infrastructure on GCP.
@@ -75,13 +75,7 @@ Create a [Google Cloud Platform](https://cloud.google.com/) account if you don
 Create a [KMS key ring and key](https://console.cloud.google.com/iam-admin/kms) and set it in your environment along with your GCP credentials ([dotenv](https://github.com/bkeepers/dotenv) is great for this)
 ```sh
-KMS_KEY_ID=projects/.../locations/.../keyRings/.../cryptoKeys/...
-```
-The Google API client logs requests by default. Be sure to turn off the logger in production or it will leak the plaintext.
-```ruby
-Google::Apis.logger = Logger.new(nil)
+KMS_KEY_ID=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key
 ```
 ### Vault

data/lib/kms_encrypted/clients/google.rb CHANGED Viewed

@@ -11,12 +11,18 @@ module KmsEncrypted
         # ensure namespace gets loaded
         client = KmsEncrypted.google_client
-        request = ::Google::Apis::CloudkmsV1::EncryptRequest.new(**options)
-        response = client.encrypt_crypto_key(key_id, request)
-        @last_key_version = response.name
-        response.ciphertext
+        if defined?(::Google::Apis::CloudkmsV1::CloudKMSService) && KmsEncrypted.google_client.is_a?(::Google::Apis::CloudkmsV1::CloudKMSService)
+          request = ::Google::Apis::CloudkmsV1::EncryptRequest.new(**options)
+          response = client.encrypt_crypto_key(key_id, request)
+          @last_key_version = response.name
+          response.ciphertext
+        else
+          options[:name] = key_id
+          response = client.encrypt(**options)
+          @last_key_version = response.name
+          response.ciphertext
+        end
       end
       def decrypt(ciphertext, context: nil)
@@ -27,12 +33,23 @@ module KmsEncrypted
         # ensure namespace gets loaded
         client = KmsEncrypted.google_client
-        request = ::Google::Apis::CloudkmsV1::DecryptRequest.new(**options)
-        begin
-          client.decrypt_crypto_key(key_id, request).plaintext
-        rescue ::Google::Apis::ClientError => e
-          decryption_failed! if e.message.include?("Decryption failed")
-          raise e
+        if defined?(::Google::Apis::CloudkmsV1::CloudKMSService) && KmsEncrypted.google_client.is_a?(::Google::Apis::CloudkmsV1::CloudKMSService)
+          request = ::Google::Apis::CloudkmsV1::DecryptRequest.new(**options)
+          begin
+            client.decrypt_crypto_key(key_id, request).plaintext
+          rescue ::Google::Apis::ClientError => e
+            decryption_failed! if e.message.include?("Decryption failed")
+            raise e
+          end
+        else
+          options[:name] = key_id
+          begin
+            client.decrypt(**options).plaintext
+          rescue ::Google::Cloud::InvalidArgumentError => e
+            decryption_failed! if e.message.include?("Decryption failed")
+            raise e
+          end
         end
       end
     end

data/lib/kms_encrypted/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module KmsEncrypted
-  VERSION = "1.2.4"
+  VERSION = "1.3.0"
 end

data/lib/kms_encrypted.rb CHANGED Viewed

@@ -39,15 +39,24 @@ module KmsEncrypted
     def google_client
       @google_client ||= begin
-        require "google/apis/cloudkms_v1"
-        client = ::Google::Apis::CloudkmsV1::CloudKMSService.new
-        client.authorization = ::Google::Auth.get_application_default(
-          "https://www.googleapis.com/auth/cloud-platform"
-        )
-        client.client_options.log_http_requests = false
-        client.client_options.open_timeout_sec = 2
-        client.client_options.read_timeout_sec = 2
-        client
+        begin
+          require "google/apis/cloudkms_v1"
+          client = ::Google::Apis::CloudkmsV1::CloudKMSService.new
+          client.authorization = ::Google::Auth.get_application_default(
+            "https://www.googleapis.com/auth/cloud-platform"
+          )
+          client.client_options.log_http_requests = false
+          client.client_options.open_timeout_sec = 2
+          client.client_options.read_timeout_sec = 2
+          client
+        rescue LoadError
+          require "google/cloud/kms"
+          Google::Cloud::Kms.key_management_service do |config|
+            config.timeout = 2
+          end
+        end
       end
     end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kms_encrypted
 version: !ruby/object:Gem::Version
-  version: 1.2.4
+  version: 1.3.0
 platform: ruby
 authors:
 - Andrew Kane
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-06-20 00:00:00.000000000 Z
+date: 2021-10-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -64,7 +64,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.2.22
 signing_key:
 specification_version: 4
 summary: Simple, secure key management for Lockbox and attr_encrypted