porky_lib 0.1.2 → 0.1.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +8 -1
- data/lib/porky_lib/aws/kms/client.rb +17 -0
- data/lib/porky_lib/symmetric.rb +9 -0
- data/lib/porky_lib/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2675129b5aa929103186c7796bdfe281b0ef2a09
|
|
4
|
+
data.tar.gz: 9bd6c825abbc86642d2f5af19a9ffb6314ee4253
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a2ea748669c5c85d6f274dc15d44cc480dd30edae56f149a3de56f8bc99b4ef4a9eb15535bb6d5d8d78c3bebb094d0aea0caeb4fe8f998536b1c0311d2516c91
|
|
7
|
+
data.tar.gz: 43dd122bfbbc7a74c42ad744884c46e6c84d68ed4ec03dff00fc8934cb9c924712e06aa97b3a31eced234b7f11c87a23d6601465ae518483df781d9803f71cb0
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -106,7 +106,14 @@ plaintext_key = PorkyLib::Symmetric.instance.generate_data_encryption_key(cipher
|
|
|
106
106
|
To securely delete the plaintext key from memory:
|
|
107
107
|
```ruby
|
|
108
108
|
# Where length is the number of bytes of the plaintext key (i.e. plaintext_key.bytesize)
|
|
109
|
-
plaintext_key
|
|
109
|
+
plaintext_key.replace(PorkyLib::Symmetric.instance.secure_delete_plaintext_key(plaintext_key.bytesize))
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
### Check If An Alias Exists
|
|
113
|
+
To verify whether an alias exists or not:
|
|
114
|
+
```ruby
|
|
115
|
+
# Where key_alias is the alias name to verify
|
|
116
|
+
alias_exists = PorkyLib::Symmetric.instance.cmk_alias_exists?(key_alias)
|
|
110
117
|
```
|
|
111
118
|
|
|
112
119
|
## Development
|
|
@@ -41,6 +41,23 @@ class Aws::KMS::Client
|
|
|
41
41
|
raise Aws::KMS::Errors::NotFoundException.new(nil, nil) if target_key_id.include?(MOCK_NOT_FOUND_KEY_ID)
|
|
42
42
|
end
|
|
43
43
|
|
|
44
|
+
def list_aliases
|
|
45
|
+
{
|
|
46
|
+
aliases: [
|
|
47
|
+
{
|
|
48
|
+
alias_arn: 'arn:aws:kms:us-east-2:111122223333:alias/example1',
|
|
49
|
+
alias_name: 'alias/example1',
|
|
50
|
+
target_key_id: "4da1e216-62d0-46c5-a7c0-5f3a3d2f8046"
|
|
51
|
+
},
|
|
52
|
+
{
|
|
53
|
+
alias_arn: 'arn:aws:kms:us-east-2:444455556666:alias/new_key',
|
|
54
|
+
alias_name: 'alias/new_key',
|
|
55
|
+
target_key_id: "4da1e216-62d0-46c5-a7c0-5f3a3d2f8046"
|
|
56
|
+
}
|
|
57
|
+
]
|
|
58
|
+
}
|
|
59
|
+
end
|
|
60
|
+
|
|
44
61
|
def generate_data_key(key_id:, key_spec:, encryption_context: nil)
|
|
45
62
|
raise Aws::KMS::Errors::InvalidKeyUsageException.new(nil, nil) unless key_spec == 'AES_256'
|
|
46
63
|
raise Aws::KMS::Errors::NotFoundException.new(nil, nil) if key_id.include?(MOCK_NOT_FOUND_KEY_ID)
|
data/lib/porky_lib/symmetric.rb
CHANGED
|
@@ -30,6 +30,15 @@ class PorkyLib::Symmetric
|
|
|
30
30
|
key_id
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
+
def cmk_alias_exists?(key_alias)
|
|
34
|
+
alias_list = client.list_aliases.to_h[:aliases]
|
|
35
|
+
alias_list.each do |item|
|
|
36
|
+
return true if item[:alias_name] == key_alias
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
false
|
|
40
|
+
end
|
|
41
|
+
|
|
33
42
|
def enable_key_rotation(key_id)
|
|
34
43
|
PorkyLib::Config.logger.info("Enabling automatic key rotation for master key: '#{key_id}'")
|
|
35
44
|
client.enable_key_rotation(key_id: key_id)
|
data/lib/porky_lib/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: porky_lib
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Greg Fletcher
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-07-
|
|
11
|
+
date: 2018-07-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|