RubyGems - kms_encrypted - Versions diffs - 1.2.4 → 1.3.0 - Mend

kms_encrypted 1.2.4 → 1.3.0

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/README.md +3 -9
data/lib/kms_encrypted/clients/google.rb +28 -11
data/lib/kms_encrypted/version.rb +1 -1
data/lib/kms_encrypted.rb +18 -9
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a409a4d0d4d5a3e0b6a334908ffbc80196f200b4159afced04e87c70e955c43a
-  data.tar.gz: 8c375ef8eb0103f395aaad213ce30c9cb6ed644a1dbcb2613111b70a14ef5d21
+  metadata.gz: 67d1e3fb931f190e380e35875f1c6346025ebbdd101cdef33ed028d57f2e1b9d
+  data.tar.gz: fe2286f23847db1ee9314cd505fb00478574682a6edd9c7e754e2ce231926e4c
 SHA512:
-  metadata.gz: ced745edbcf99f7d9938160e60b961f98b6c9ed11321605d187394d9518f53e1616e7ca50b43abe26b7861598d0ac02f0930d426e00c91f0ce6c3e53fadd5291
-  data.tar.gz: 83bf433d376ea6380353d65f457b12ec4aca028e6f9bbfca55d2e5f05ebb2da6e4509fa718b293715c092e48c87be683ccc954490161f81a87a10098b97e1c70
+  metadata.gz: 9c651b9fad6d49d6ae4d2a6006ac34d65f7d0f2072446f7cb622c1f48c2c050fc7d70fc6baa0c8883fbe86e34c0ce4e0a00e1b6907d6577209b3389dd94cbced
+  data.tar.gz: 21eeadd0dbb9ed008ca9d2feb34bd43b5dee9c0527aa56b3a1a8a318535ef4707f3690acf504af6091837ec52a81abf1041e7166ef3a2a110cfa35824adebcde

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,7 @@
+## 1.3.0 (2021-10-10)
+- Added support for `google-cloud-kms` gem
 ## 1.2.4 (2021-06-20)
 - Fixed another argument error with Google Cloud KMS and Ruby 3

data/README.md CHANGED Viewed

@@ -48,7 +48,7 @@ gem 'aws-sdk-kms'
 Create an [Amazon Web Services](https://aws.amazon.com/) account if you don’t have one. KMS works great whether or not you run your infrastructure on AWS.
-Create a [KMS master key](https://console.aws.amazon.com/iam/home#/encryptionKeys) and set it in your environment along with your AWS credentials ([dotenv](https://github.com/bkeepers/dotenv) is great for this)
+Create a [KMS master key](https://console.aws.amazon.com/kms/home#/kms/keys) and set it in your environment along with your AWS credentials ([dotenv](https://github.com/bkeepers/dotenv) is great for this)
 ```sh
 KMS_KEY_ID=arn:aws:kms:...
@@ -67,7 +67,7 @@ KMS_KEY_ID=alias/my-alias
 Add this line to your application’s Gemfile:
 ```ruby
-gem 'google-apis-cloudkms_v1'
+gem 'google-cloud-kms'
 ```
 Create a [Google Cloud Platform](https://cloud.google.com/) account if you don’t have one. KMS works great whether or not you run your infrastructure on GCP.
@@ -75,13 +75,7 @@ Create a [Google Cloud Platform](https://cloud.google.com/) account if you don
 Create a [KMS key ring and key](https://console.cloud.google.com/iam-admin/kms) and set it in your environment along with your GCP credentials ([dotenv](https://github.com/bkeepers/dotenv) is great for this)
 ```sh
-KMS_KEY_ID=projects/.../locations/.../keyRings/.../cryptoKeys/...
-```
-The Google API client logs requests by default. Be sure to turn off the logger in production or it will leak the plaintext.
-```ruby
-Google::Apis.logger = Logger.new(nil)
+KMS_KEY_ID=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key
 ```
 ### Vault

data/lib/kms_encrypted/clients/google.rb CHANGED Viewed

@@ -11,12 +11,18 @@ module KmsEncrypted
         # ensure namespace gets loaded
         client = KmsEncrypted.google_client
-        request = ::Google::Apis::CloudkmsV1::EncryptRequest.new(**options)
-        response = client.encrypt_crypto_key(key_id, request)
-        @last_key_version = response.name
-        response.ciphertext
+        if defined?(::Google::Apis::CloudkmsV1::CloudKMSService) && KmsEncrypted.google_client.is_a?(::Google::Apis::CloudkmsV1::CloudKMSService)
+          request = ::Google::Apis::CloudkmsV1::EncryptRequest.new(**options)
+          response = client.encrypt_crypto_key(key_id, request)
+          @last_key_version = response.name
+          response.ciphertext
+        else
+          options[:name] = key_id
+          response = client.encrypt(**options)
+          @last_key_version = response.name
+          response.ciphertext
+        end
       end
       def decrypt(ciphertext, context: nil)
@@ -27,12 +33,23 @@ module KmsEncrypted
         # ensure namespace gets loaded
         client = KmsEncrypted.google_client
-        request = ::Google::Apis::CloudkmsV1::DecryptRequest.new(**options)
-        begin
-          client.decrypt_crypto_key(key_id, request).plaintext
-        rescue ::Google::Apis::ClientError => e
-          decryption_failed! if e.message.include?("Decryption failed")
-          raise e
+        if defined?(::Google::Apis::CloudkmsV1::CloudKMSService) && KmsEncrypted.google_client.is_a?(::Google::Apis::CloudkmsV1::CloudKMSService)
+          request = ::Google::Apis::CloudkmsV1::DecryptRequest.new(**options)
+          begin
+            client.decrypt_crypto_key(key_id, request).plaintext
+          rescue ::Google::Apis::ClientError => e
+            decryption_failed! if e.message.include?("Decryption failed")
+            raise e
+          end
+        else
+          options[:name] = key_id
+          begin
+            client.decrypt(**options).plaintext
+          rescue ::Google::Cloud::InvalidArgumentError => e
+            decryption_failed! if e.message.include?("Decryption failed")
+            raise e
+          end
         end
       end
     end

data/lib/kms_encrypted/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module KmsEncrypted
-  VERSION = "1.2.4"
+  VERSION = "1.3.0"
 end

data/lib/kms_encrypted.rb CHANGED Viewed

@@ -39,15 +39,24 @@ module KmsEncrypted
     def google_client
       @google_client ||= begin
-        require "google/apis/cloudkms_v1"
-        client = ::Google::Apis::CloudkmsV1::CloudKMSService.new
-        client.authorization = ::Google::Auth.get_application_default(
-          "https://www.googleapis.com/auth/cloud-platform"
-        )
-        client.client_options.log_http_requests = false
-        client.client_options.open_timeout_sec = 2
-        client.client_options.read_timeout_sec = 2
-        client
+        begin
+          require "google/apis/cloudkms_v1"
+          client = ::Google::Apis::CloudkmsV1::CloudKMSService.new
+          client.authorization = ::Google::Auth.get_application_default(
+            "https://www.googleapis.com/auth/cloud-platform"
+          )
+          client.client_options.log_http_requests = false
+          client.client_options.open_timeout_sec = 2
+          client.client_options.read_timeout_sec = 2
+          client
+        rescue LoadError
+          require "google/cloud/kms"
+          Google::Cloud::Kms.key_management_service do |config|
+            config.timeout = 2
+          end
+        end
       end
     end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kms_encrypted
 version: !ruby/object:Gem::Version
-  version: 1.2.4
+  version: 1.3.0
 platform: ruby
 authors:
 - Andrew Kane
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-06-20 00:00:00.000000000 Z
+date: 2021-10-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -64,7 +64,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.2.22
 signing_key:
 specification_version: 4
 summary: Simple, secure key management for Lockbox and attr_encrypted