kms_rails 0.3.0 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +4 -4
- data/lib/kms_rails/configuration.rb +2 -2
- data/lib/kms_rails/core.rb +2 -2
- data/lib/kms_rails/kms_client_mock.rb +22 -26
- data/lib/kms_rails/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b373095acd772fa6c6b92d73fbb0aef0858fa3eed9d19cff7c055dbcadf3e0cb
|
|
4
|
+
data.tar.gz: 8a02cf1e4cb494e0ba57a6e9d444404cbe621de7fb1f66ef0b3309e46949c0b8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c57077d895db30059c1516a0ab4d31c4fc11a6b1f5e35815aab266a916d8cc5f4a6f3d0c0791bf02cc61f25b78704924de04e23798b3e45e7ab0b81af83c10a4
|
|
7
|
+
data.tar.gz: 075f72d9912180b13a255857219ff7b2be6ad11db42512e654178c9897e16a6e51fb3e65d8a54351ccbce20c58823730f86d845582a0fa919a5b5e4262afe83f
|
data/README.md
CHANGED
|
@@ -115,14 +115,14 @@ Aws.config[:region] = 'us-east-1'
|
|
|
115
115
|
|
|
116
116
|
or by using the documented AWS environmental variables.
|
|
117
117
|
|
|
118
|
-
##
|
|
118
|
+
## Custom KMS client
|
|
119
119
|
|
|
120
|
-
A basic fake implementation of `Aws::KMS::Client` has been written, allowing kms_rails functionality to be used in test environments without making any web requests. The fake implementation emulates the functionality of the two API calls kms_rails issues to AWS and performs fake encryption (the key is 'encrypted' by reversing it).
|
|
120
|
+
A basic fake implementation of `Aws::KMS::Client` has been written (`KmsRails::KmsClientMock`), allowing kms_rails functionality to be used in test environments without making any web requests. The fake implementation emulates the functionality of the two API calls kms_rails issues to AWS and performs fake encryption (the key is 'encrypted' by reversing it).
|
|
121
121
|
|
|
122
|
-
You can enable it in your Rails initializers with the following
|
|
122
|
+
You can enable it (or set any custom KMS client with alternate config) in your Rails initializers with the following
|
|
123
123
|
```ruby
|
|
124
124
|
KmsRails.configure do |config|
|
|
125
|
-
config.
|
|
125
|
+
config.kms_client = KmsRails::KmsClientMock.new
|
|
126
126
|
end
|
|
127
127
|
```
|
|
128
128
|
|
|
@@ -3,10 +3,10 @@ module KmsRails
|
|
|
3
3
|
attr_writer :configuration
|
|
4
4
|
|
|
5
5
|
class Configuration
|
|
6
|
-
attr_accessor :
|
|
6
|
+
attr_accessor :kms_client, :alias_prefix, :arn_prefix
|
|
7
7
|
|
|
8
8
|
def initialize
|
|
9
|
-
@
|
|
9
|
+
@kms_client = nil
|
|
10
10
|
@alias_prefix = ''
|
|
11
11
|
@arn_prefix = ''
|
|
12
12
|
end
|
data/lib/kms_rails/core.rb
CHANGED
|
@@ -127,8 +127,8 @@ module KmsRails
|
|
|
127
127
|
end
|
|
128
128
|
|
|
129
129
|
def aws_kms
|
|
130
|
-
|
|
131
|
-
|
|
130
|
+
KmsRails.configuration.kms_client ||
|
|
131
|
+
(@aws_kms ||= Aws::KMS::Client.new)
|
|
132
132
|
end
|
|
133
133
|
|
|
134
134
|
def aws_generate_data_key(key_id)
|
|
@@ -2,37 +2,33 @@ require 'aws-sdk-kms'
|
|
|
2
2
|
require 'msgpack'
|
|
3
3
|
|
|
4
4
|
module KmsRails
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
def generate_data_key(key_id:, key_spec:, encryption_context: nil)
|
|
9
|
-
raise RuntimeError, 'Unsupported key_spec in test mode' unless key_spec == 'AES_256'
|
|
5
|
+
class KmsClientMock
|
|
6
|
+
def generate_data_key(key_id:, key_spec:, encryption_context: nil)
|
|
7
|
+
raise RuntimeError, 'Unsupported key_spec in test mode' unless key_spec == 'AES_256'
|
|
10
8
|
|
|
11
|
-
|
|
9
|
+
plaintext = SecureRandom.random_bytes(256/8)
|
|
12
10
|
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
11
|
+
::Aws::KMS::Types::GenerateDataKeyResponse.new(
|
|
12
|
+
key_id: key_id,
|
|
13
|
+
plaintext: plaintext,
|
|
14
|
+
ciphertext_blob: [key_id, encryption_context, plaintext].to_msgpack.reverse,
|
|
15
|
+
)
|
|
16
|
+
end
|
|
19
17
|
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
18
|
+
def decrypt(ciphertext_blob:, encryption_context: nil)
|
|
19
|
+
key_id, decoded_context, plaintext = MessagePack.unpack(ciphertext_blob.reverse)
|
|
20
|
+
raise ::Aws::KMS::Errors::InvalidCiphertextException.new(nil, nil) unless decoded_context == encryption_context
|
|
23
21
|
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
22
|
+
::Aws::KMS::Types::DecryptResponse.new(
|
|
23
|
+
key_id: key_id,
|
|
24
|
+
plaintext: plaintext,
|
|
25
|
+
)
|
|
26
|
+
rescue MessagePack::MalformedFormatError
|
|
27
|
+
raise ::Aws::KMS::Errors::InvalidCiphertextException.new(nil, nil)
|
|
28
|
+
end
|
|
31
29
|
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
end
|
|
35
|
-
end
|
|
30
|
+
def inspect
|
|
31
|
+
"#<Aws::KMS::Client (mocked)>"
|
|
36
32
|
end
|
|
37
33
|
end
|
|
38
34
|
end
|
data/lib/kms_rails/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: kms_rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ash Tyndall
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2021-
|
|
12
|
+
date: 2021-08-18 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: activerecord
|