kms_rails 0.2.1 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +18 -0
- data/lib/kms_rails/configuration.rb +2 -1
- data/lib/kms_rails/core.rb +2 -2
- data/lib/kms_rails/version.rb +1 -1
- metadata +3 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 14388d5d9417cf639e4e2f0eea57d9a9f55dc5f6a4b6dcbf897444b07656ee83
|
4
|
+
data.tar.gz: 7d478fc20e396a995d8abc6affeb160b981eb397e4a5ec52e454323d961919c3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f3744365abe582e7b0420a692f3f893a14c461c51cdf61e779df2cdf4f5e37902e3c3d44fbd1a68d22d60edb4e1a67a6c600a77fd2541a0f3b6769e36eb45e93
|
7
|
+
data.tar.gz: 7b5b2038b49bcffdb35bfc9c600c06bde9de2ca83ca44438d2f60f7c353059225ba15a6e5f9d01af2e80b6704c7af173d2a3c5830799712a5f54a987c15eb25e
|
data/README.md
CHANGED
@@ -142,6 +142,24 @@ Will resolve 'my-key-alias' to 'alias/production/my-key-alias' in the production
|
|
142
142
|
|
143
143
|
Directly specifying a key_id as a UUID or with the `alias/` prefix explicitly declared will prevent this behaviour from occurring.
|
144
144
|
|
145
|
+
## ARN prefixes
|
146
|
+
|
147
|
+
You can use the `arn_prefix` configuration option to specify that the keys you're referencing are located in a different AWS account or region than the default. For example;
|
148
|
+
|
149
|
+
```ruby
|
150
|
+
KmsRails.configure do |config|
|
151
|
+
config.arn_prefix = 'arn:aws:kms:ap-southeast-1:11111111111:'
|
152
|
+
end
|
153
|
+
|
154
|
+
kms_attr :my_attribute, key_id: 'my-key-alias'
|
155
|
+
```
|
156
|
+
|
157
|
+
Will resolve 'my-key-alias' to 'arn:aws:kms:ap-southeast-1:11111111111:alias/my-key-alias', which may be a key in a different region or AWS account.
|
158
|
+
|
159
|
+
This works for aliases and UUID keys, but Proc based key_ids will not have the ARN prefixed.
|
160
|
+
|
161
|
+
You can use this in combination with alias prefixes. A prefix like 'foo/' would result in a final key of 'arn:aws:kms:ap-southeast-1:11111111111:alias/foo/my-key-alias'.
|
162
|
+
|
145
163
|
## Other stuff
|
146
164
|
|
147
165
|
### Notes
|
@@ -3,11 +3,12 @@ module KmsRails
|
|
3
3
|
attr_writer :configuration
|
4
4
|
|
5
5
|
class Configuration
|
6
|
-
attr_accessor :fake_kms_api, :alias_prefix
|
6
|
+
attr_accessor :fake_kms_api, :alias_prefix, :arn_prefix
|
7
7
|
|
8
8
|
def initialize
|
9
9
|
@fake_kms_api = false
|
10
10
|
@alias_prefix = ''
|
11
|
+
@arn_prefix = ''
|
11
12
|
end
|
12
13
|
end
|
13
14
|
|
data/lib/kms_rails/core.rb
CHANGED
@@ -61,9 +61,9 @@ module KmsRails
|
|
61
61
|
@base_key_id.call
|
62
62
|
when String
|
63
63
|
if @base_key_id =~ /\A\w{8}-\w{4}-\w{4}-\w{4}-\w{12}\z/ || @base_key_id.start_with?('alias/') # if UUID or direct alias
|
64
|
-
@base_key_id
|
64
|
+
KmsRails.configuration.arn_prefix + @base_key_id
|
65
65
|
else
|
66
|
-
'alias/' + KmsRails.configuration.alias_prefix + @base_key_id
|
66
|
+
KmsRails.configuration.arn_prefix + 'alias/' + KmsRails.configuration.alias_prefix + @base_key_id
|
67
67
|
end
|
68
68
|
else
|
69
69
|
raise RuntimeError, 'Only Proc and String arguments are supported'
|
data/lib/kms_rails/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: kms_rails
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ash Tyndall
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: exe
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2021-07-27 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: activerecord
|
@@ -239,8 +239,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
239
239
|
- !ruby/object:Gem::Version
|
240
240
|
version: '0'
|
241
241
|
requirements: []
|
242
|
-
|
243
|
-
rubygems_version: 2.7.9
|
242
|
+
rubygems_version: 3.0.3
|
244
243
|
signing_key:
|
245
244
|
specification_version: 4
|
246
245
|
summary: AWS KMS encryption for ActiveRecord & ActiveJob.
|