kms_rails 0.2.1 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0d44686b36dbb45a7fc0555c8376b39135cf40ee834c3382fadd88c274dda6a0
-  data.tar.gz: 8902378d8c6915ecc383057b54a2ca6f72fa7b7ff8f43d74f990c48170ed9c89
+  metadata.gz: 14388d5d9417cf639e4e2f0eea57d9a9f55dc5f6a4b6dcbf897444b07656ee83
+  data.tar.gz: 7d478fc20e396a995d8abc6affeb160b981eb397e4a5ec52e454323d961919c3
 SHA512:
-  metadata.gz: cfe253f5456a8271240090c2cd631c1d27050e62388d005534114286f5969e575c08c49644d26ee0ed104c97b73c6f9ee08cf58f315a0bbb54f7aaca59f7a244
-  data.tar.gz: febb5eab0f7a4c80168d38fcc70be634fbcb472d3b85b080017e94d9622b4719e5b2f7df15ddb19790c7517c45844e168bb2a79459a8bce93aa8f86e26472d86
+  metadata.gz: f3744365abe582e7b0420a692f3f893a14c461c51cdf61e779df2cdf4f5e37902e3c3d44fbd1a68d22d60edb4e1a67a6c600a77fd2541a0f3b6769e36eb45e93
+  data.tar.gz: 7b5b2038b49bcffdb35bfc9c600c06bde9de2ca83ca44438d2f60f7c353059225ba15a6e5f9d01af2e80b6704c7af173d2a3c5830799712a5f54a987c15eb25e

data/README.md

@@ -142,6 +142,24 @@ Will resolve 'my-key-alias' to 'alias/production/my-key-alias' in the production
 
 Directly specifying a key_id as a UUID or with the `alias/` prefix explicitly declared will prevent this behaviour from occurring.
 
+## ARN prefixes
+
+You can use the `arn_prefix` configuration option to specify that the keys you're referencing are located in a different AWS account or region than the default. For example;
+
+```ruby
+KmsRails.configure do |config|
+  config.arn_prefix = 'arn:aws:kms:ap-southeast-1:11111111111:'
+end
+
+kms_attr :my_attribute, key_id: 'my-key-alias'
+```
+
+Will resolve 'my-key-alias' to 'arn:aws:kms:ap-southeast-1:11111111111:alias/my-key-alias', which may be a key in a different region or AWS account.
+
+This works for aliases and UUID keys, but Proc based key_ids will not have the ARN prefixed.
+
+You can use this in combination with alias prefixes. A prefix like 'foo/' would result in a final key of 'arn:aws:kms:ap-southeast-1:11111111111:alias/foo/my-key-alias'.
+
 ## Other stuff
 
 ### Notes

data/lib/kms_rails/configuration.rb

@@ -3,11 +3,12 @@ module KmsRails
     attr_writer :configuration
 
     class Configuration
-      attr_accessor :fake_kms_api, :alias_prefix
+      attr_accessor :fake_kms_api, :alias_prefix, :arn_prefix
 
       def initialize
         @fake_kms_api = false
         @alias_prefix = ''
+        @arn_prefix   = ''
       end
     end
 

data/lib/kms_rails/core.rb

@@ -61,9 +61,9 @@ module KmsRails
         @base_key_id.call
       when String
         if @base_key_id =~ /\A\w{8}-\w{4}-\w{4}-\w{4}-\w{12}\z/ || @base_key_id.start_with?('alias/') # if UUID or direct alias
-          @base_key_id
+          KmsRails.configuration.arn_prefix + @base_key_id
         else
-          'alias/' + KmsRails.configuration.alias_prefix + @base_key_id
+          KmsRails.configuration.arn_prefix + 'alias/' + KmsRails.configuration.alias_prefix + @base_key_id
         end
       else
         raise RuntimeError, 'Only Proc and String arguments are supported'

data/lib/kms_rails/version.rb

@@ -1,3 +1,3 @@
 module KmsRails
-  VERSION = "0.2.1"
+  VERSION = "0.3.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kms_rails
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Ash Tyndall
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-09-02 00:00:00.000000000 Z
+date: 2021-07-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -239,8 +239,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.9
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: AWS KMS encryption for ActiveRecord & ActiveJob.