kms_rails 0.3.0 → 1.0.0
- checksums.yaml +4 -4
- data/README.md +4 -4
- data/lib/kms_rails/configuration.rb +2 -2
- data/lib/kms_rails/core.rb +2 -2
- data/lib/kms_rails/kms_client_mock.rb +22 -26
- data/lib/kms_rails/version.rb +1 -1
- metadata +2 -2
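--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b373095acd772fa6c6b92d73fbb0aef0858fa3eed9d19cff7c055dbcadf3e0cb
+data.tar.gz: 8a02cf1e4cb494e0ba57a6e9d444404cbe621de7fb1f66ef0b3309e46949c0b8
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c57077d895db30059c1516a0ab4d31c4fc11a6b1f5e35815aab266a916d8cc5f4a6f3d0c0791bf02cc61f25b78704924de04e23798b3e45e7ab0b81af83c10a4
+data.tar.gz: 075f72d9912180b13a255857219ff7b2be6ad11db42512e654178c9897e16a6e51fb3e65d8a54351ccbce20c58823730f86d845582a0fa919a5b5e4262afe83f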
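--- a/data/README.md
+++ b/data/README.md
@@ -115,14 +115,14 @@ Aws.config[:region] = 'us-east-1'
 
 or by using the documented AWS environmental variables.
 
-##
+## Custom KMS client
 
-A basic fake implementation of `Aws::KMS::Client` has been written, allowing kms_rails functionality to be used in test environments without making any web requests. The fake implementation emulates the functionality of the two API calls kms_rails issues to AWS and performs fake encryption (the key is 'encrypted' by reversing it).
+A basic fake implementation of `Aws::KMS::Client` has been written (`KmsRails::KmsClientMock`), allowing kms_rails functionality to be used in test environments without making any web requests. The fake implementation emulates the functionality of the two API calls kms_rails issues to AWS and performs fake encryption (the key is 'encrypted' by reversing it).
 
-You can enable it in your Rails initializers with the following
+You can enable it (or set any custom KMS client with alternate config) in your Rails initializers with the following
 ```ruby
 KmsRails.configure do |config|
-config.
+config.kms_client = KmsRails::KmsClientMock.new
 end
 ```
 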
@@ -3,10 +3,10 @@ module KmsRails
|
|
3
3
|
attr_writer :configuration
|
4
4
|
|
5
5
|
class Configuration
|
6
|
-
attr_accessor :
|
6
|
+
attr_accessor :kms_client, :alias_prefix, :arn_prefix
|
7
7
|
|
8
8
|
def initialize
|
9
|
-
@
|
9
|
+
@kms_client = nil
|
10
10
|
@alias_prefix = ''
|
11
11
|
@arn_prefix = ''
|
12
12
|
end
|
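Review bot: `kms_client` on the new `attr_accessor` line accepts any object, so a misconfigured client would presumably only surface as a `NoMethodError` on the first encrypt or decrypt, and every data key is handed to whatever was assigned. A validating writer that accepts `nil` or an object responding to `generate_data_key` and `decrypt` (the two calls the mock implements) would fail at configuration time instead. The `Configuration` class continues past the end of this hunk, so the sketch below shows only the lines that change.

```ruby
attr_accessor :alias_prefix, :arn_prefix
attr_reader :kms_client

# Accepts nil (fall back to the default Aws::KMS::Client) or an object
# implementing the calls kms_rails makes against KMS.
def kms_client=(client)
  unless client.nil? || %i[generate_data_key decrypt].all? { |m| client.respond_to?(m) }
    raise ArgumentError, 'kms_client must respond to generate_data_key and decrypt'
  end

  @kms_client = client
end
# … unchanged: initialize …
```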
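--- a/data/lib/kms_rails/core.rb
+++ b/data/lib/kms_rails/core.rb
@@ -127,8 +127,8 @@ module KmsRails
 end
 
 def aws_kms
-
-
+KmsRails.configuration.kms_client ||
+(@aws_kms ||= Aws::KMS::Client.new)
 end
 
 def aws_generate_data_key(key_id)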
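Review bot: `aws_kms` has no comment stating which client wins, and that matters because every plaintext data key passes through the object it returns. I would add above the method `# Returns KmsRails.configuration.kms_client when one is set; otherwise a memoised default Aws::KMS::Client.` The configured client is re-read on each call while only the default is cached in `@aws_kms`; saying so in the same comment guards against someone later memoising the whole expression and pinning a test client for the life of the object.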
@@ -2,37 +2,33 @@ require 'aws-sdk-kms'
|
|
2
2
|
require 'msgpack'
|
3
3
|
|
4
4
|
module KmsRails
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
def generate_data_key(key_id:, key_spec:, encryption_context: nil)
|
9
|
-
raise RuntimeError, 'Unsupported key_spec in test mode' unless key_spec == 'AES_256'
|
5
|
+
class KmsClientMock
|
6
|
+
def generate_data_key(key_id:, key_spec:, encryption_context: nil)
|
7
|
+
raise RuntimeError, 'Unsupported key_spec in test mode' unless key_spec == 'AES_256'
|
10
8
|
|
11
|
-
|
9
|
+
plaintext = SecureRandom.random_bytes(256/8)
|
12
10
|
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
11
|
+
::Aws::KMS::Types::GenerateDataKeyResponse.new(
|
12
|
+
key_id: key_id,
|
13
|
+
plaintext: plaintext,
|
14
|
+
ciphertext_blob: [key_id, encryption_context, plaintext].to_msgpack.reverse,
|
15
|
+
)
|
16
|
+
end
|
19
17
|
|
20
|
-
|
21
|
-
|
22
|
-
|
18
|
+
def decrypt(ciphertext_blob:, encryption_context: nil)
|
19
|
+
key_id, decoded_context, plaintext = MessagePack.unpack(ciphertext_blob.reverse)
|
20
|
+
raise ::Aws::KMS::Errors::InvalidCiphertextException.new(nil, nil) unless decoded_context == encryption_context
|
23
21
|
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
22
|
+
::Aws::KMS::Types::DecryptResponse.new(
|
23
|
+
key_id: key_id,
|
24
|
+
plaintext: plaintext,
|
25
|
+
)
|
26
|
+
rescue MessagePack::MalformedFormatError
|
27
|
+
raise ::Aws::KMS::Errors::InvalidCiphertextException.new(nil, nil)
|
28
|
+
end
|
31
29
|
|
32
|
-
|
33
|
-
|
34
|
-
end
|
35
|
-
end
|
30
|
+
def inspect
|
31
|
+
"#<Aws::KMS::Client (mocked)>"
|
36
32
|
end
|
37
33
|
end
|
38
34
|
end
|
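Review bot: `KmsClientMock` is now a public class that any initializer can assign, but `generate_data_key` returns a `ciphertext_blob` that is only the MessagePack of `[key_id, encryption_context, plaintext]` reversed, so the data key can be read straight out of anything stored with it. Nothing in the class stops it being configured outside tests; a guard such as `def initialize; raise 'KmsClientMock is for tests only' if defined?(Rails) && Rails.env.production?; end`, plus a class comment stating that it provides no confidentiality, would make that mistake fail loudly. Separately, `decrypt` rescues only `MessagePack::MalformedFormatError`, so a blob that unpacks to something other than a three-element array appears to return a response with a `nil` plaintext instead of raising `InvalidCiphertextException`. `SecureRandom` is used with no `require 'securerandom'` among the visible requires, so it presumably relies on another file having loaded it.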
data/lib/kms_rails/version.rb
CHANGED
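--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kms_rails
 version: !ruby/object:Gem::Version
-version: 0.
+version: 1.0.0
 platform: ruby
 authors:
 - Ash Tyndall
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-
+date: 2021-08-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activerecord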