kms_rails 0.2.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0d44686b36dbb45a7fc0555c8376b39135cf40ee834c3382fadd88c274dda6a0
4
- data.tar.gz: 8902378d8c6915ecc383057b54a2ca6f72fa7b7ff8f43d74f990c48170ed9c89
3
+ metadata.gz: 14388d5d9417cf639e4e2f0eea57d9a9f55dc5f6a4b6dcbf897444b07656ee83
4
+ data.tar.gz: 7d478fc20e396a995d8abc6affeb160b981eb397e4a5ec52e454323d961919c3
5
5
  SHA512:
6
- metadata.gz: cfe253f5456a8271240090c2cd631c1d27050e62388d005534114286f5969e575c08c49644d26ee0ed104c97b73c6f9ee08cf58f315a0bbb54f7aaca59f7a244
7
- data.tar.gz: febb5eab0f7a4c80168d38fcc70be634fbcb472d3b85b080017e94d9622b4719e5b2f7df15ddb19790c7517c45844e168bb2a79459a8bce93aa8f86e26472d86
6
+ metadata.gz: f3744365abe582e7b0420a692f3f893a14c461c51cdf61e779df2cdf4f5e37902e3c3d44fbd1a68d22d60edb4e1a67a6c600a77fd2541a0f3b6769e36eb45e93
7
+ data.tar.gz: 7b5b2038b49bcffdb35bfc9c600c06bde9de2ca83ca44438d2f60f7c353059225ba15a6e5f9d01af2e80b6704c7af173d2a3c5830799712a5f54a987c15eb25e
data/README.md CHANGED
@@ -142,6 +142,24 @@ Will resolve 'my-key-alias' to 'alias/production/my-key-alias' in the production
142
142
 
143
143
  Directly specifying a key_id as a UUID or with the `alias/` prefix explicitly declared will prevent this behaviour from occurring.
144
144
 
145
+ ## ARN prefixes
146
+
147
+ You can use the `arn_prefix` configuration option to specify that the keys you're referencing are located in a different AWS account or region than the default. For example;
148
+
149
+ ```ruby
150
+ KmsRails.configure do |config|
151
+ config.arn_prefix = 'arn:aws:kms:ap-southeast-1:11111111111:'
152
+ end
153
+
154
+ kms_attr :my_attribute, key_id: 'my-key-alias'
155
+ ```
156
+
157
+ Will resolve 'my-key-alias' to 'arn:aws:kms:ap-southeast-1:11111111111:alias/my-key-alias', which may be a key in a different region or AWS account.
158
+
159
+ This works for aliases and UUID keys, but Proc based key_ids will not have the ARN prefixed.
160
+
161
+ You can use this in combination with alias prefixes. A prefix like 'foo/' would result in a final key of 'arn:aws:kms:ap-southeast-1:11111111111:alias/foo/my-key-alias'.
162
+
145
163
  ## Other stuff
146
164
 
147
165
  ### Notes
@@ -3,11 +3,12 @@ module KmsRails
3
3
  attr_writer :configuration
4
4
 
5
5
  class Configuration
6
- attr_accessor :fake_kms_api, :alias_prefix
6
+ attr_accessor :fake_kms_api, :alias_prefix, :arn_prefix
7
7
 
8
8
  def initialize
9
9
  @fake_kms_api = false
10
10
  @alias_prefix = ''
11
+ @arn_prefix = ''
11
12
  end
12
13
  end
13
14
 
@@ -61,9 +61,9 @@ module KmsRails
61
61
  @base_key_id.call
62
62
  when String
63
63
  if @base_key_id =~ /\A\w{8}-\w{4}-\w{4}-\w{4}-\w{12}\z/ || @base_key_id.start_with?('alias/') # if UUID or direct alias
64
- @base_key_id
64
+ KmsRails.configuration.arn_prefix + @base_key_id
65
65
  else
66
- 'alias/' + KmsRails.configuration.alias_prefix + @base_key_id
66
+ KmsRails.configuration.arn_prefix + 'alias/' + KmsRails.configuration.alias_prefix + @base_key_id
67
67
  end
68
68
  else
69
69
  raise RuntimeError, 'Only Proc and String arguments are supported'
@@ -1,3 +1,3 @@
1
1
  module KmsRails
2
- VERSION = "0.2.1"
2
+ VERSION = "0.3.0"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: kms_rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.1
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ash Tyndall
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: exe
11
11
  cert_chain: []
12
- date: 2020-09-02 00:00:00.000000000 Z
12
+ date: 2021-07-27 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: activerecord
@@ -239,8 +239,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
239
239
  - !ruby/object:Gem::Version
240
240
  version: '0'
241
241
  requirements: []
242
- rubyforge_project:
243
- rubygems_version: 2.7.9
242
+ rubygems_version: 3.0.3
244
243
  signing_key:
245
244
  specification_version: 4
246
245
  summary: AWS KMS encryption for ActiveRecord & ActiveJob.