kms_rails 0.2.1 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +18 -0
- data/lib/kms_rails/configuration.rb +2 -1
- data/lib/kms_rails/core.rb +2 -2
- data/lib/kms_rails/version.rb +1 -1
- metadata +3 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 14388d5d9417cf639e4e2f0eea57d9a9f55dc5f6a4b6dcbf897444b07656ee83
|
|
4
|
+
data.tar.gz: 7d478fc20e396a995d8abc6affeb160b981eb397e4a5ec52e454323d961919c3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f3744365abe582e7b0420a692f3f893a14c461c51cdf61e779df2cdf4f5e37902e3c3d44fbd1a68d22d60edb4e1a67a6c600a77fd2541a0f3b6769e36eb45e93
|
|
7
|
+
data.tar.gz: 7b5b2038b49bcffdb35bfc9c600c06bde9de2ca83ca44438d2f60f7c353059225ba15a6e5f9d01af2e80b6704c7af173d2a3c5830799712a5f54a987c15eb25e
|
data/README.md
CHANGED
|
@@ -142,6 +142,24 @@ Will resolve 'my-key-alias' to 'alias/production/my-key-alias' in the production
|
|
|
142
142
|
|
|
143
143
|
Directly specifying a key_id as a UUID or with the `alias/` prefix explicitly declared will prevent this behaviour from occurring.
|
|
144
144
|
|
|
145
|
+
## ARN prefixes
|
|
146
|
+
|
|
147
|
+
You can use the `arn_prefix` configuration option to specify that the keys you're referencing are located in a different AWS account or region than the default. For example;
|
|
148
|
+
|
|
149
|
+
```ruby
|
|
150
|
+
KmsRails.configure do |config|
|
|
151
|
+
config.arn_prefix = 'arn:aws:kms:ap-southeast-1:11111111111:'
|
|
152
|
+
end
|
|
153
|
+
|
|
154
|
+
kms_attr :my_attribute, key_id: 'my-key-alias'
|
|
155
|
+
```
|
|
156
|
+
|
|
157
|
+
Will resolve 'my-key-alias' to 'arn:aws:kms:ap-southeast-1:11111111111:alias/my-key-alias', which may be a key in a different region or AWS account.
|
|
158
|
+
|
|
159
|
+
This works for aliases and UUID keys, but Proc based key_ids will not have the ARN prefixed.
|
|
160
|
+
|
|
161
|
+
You can use this in combination with alias prefixes. A prefix like 'foo/' would result in a final key of 'arn:aws:kms:ap-southeast-1:11111111111:alias/foo/my-key-alias'.
|
|
162
|
+
|
|
145
163
|
## Other stuff
|
|
146
164
|
|
|
147
165
|
### Notes
|
|
@@ -3,11 +3,12 @@ module KmsRails
|
|
|
3
3
|
attr_writer :configuration
|
|
4
4
|
|
|
5
5
|
class Configuration
|
|
6
|
-
attr_accessor :fake_kms_api, :alias_prefix
|
|
6
|
+
attr_accessor :fake_kms_api, :alias_prefix, :arn_prefix
|
|
7
7
|
|
|
8
8
|
def initialize
|
|
9
9
|
@fake_kms_api = false
|
|
10
10
|
@alias_prefix = ''
|
|
11
|
+
@arn_prefix = ''
|
|
11
12
|
end
|
|
12
13
|
end
|
|
13
14
|
|
data/lib/kms_rails/core.rb
CHANGED
|
@@ -61,9 +61,9 @@ module KmsRails
|
|
|
61
61
|
@base_key_id.call
|
|
62
62
|
when String
|
|
63
63
|
if @base_key_id =~ /\A\w{8}-\w{4}-\w{4}-\w{4}-\w{12}\z/ || @base_key_id.start_with?('alias/') # if UUID or direct alias
|
|
64
|
-
@base_key_id
|
|
64
|
+
KmsRails.configuration.arn_prefix + @base_key_id
|
|
65
65
|
else
|
|
66
|
-
'alias/' + KmsRails.configuration.alias_prefix + @base_key_id
|
|
66
|
+
KmsRails.configuration.arn_prefix + 'alias/' + KmsRails.configuration.alias_prefix + @base_key_id
|
|
67
67
|
end
|
|
68
68
|
else
|
|
69
69
|
raise RuntimeError, 'Only Proc and String arguments are supported'
|
data/lib/kms_rails/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: kms_rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ash Tyndall
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2021-07-27 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: activerecord
|
|
@@ -239,8 +239,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
239
239
|
- !ruby/object:Gem::Version
|
|
240
240
|
version: '0'
|
|
241
241
|
requirements: []
|
|
242
|
-
|
|
243
|
-
rubygems_version: 2.7.9
|
|
242
|
+
rubygems_version: 3.0.3
|
|
244
243
|
signing_key:
|
|
245
244
|
specification_version: 4
|
|
246
245
|
summary: AWS KMS encryption for ActiveRecord & ActiveJob.
|