Class: ActiveCipherStorage::Providers::Base

Inherits:

Object

• Object
• ActiveCipherStorage::Providers::Base

Defined in:

lib/active_cipher_storage/providers/base.rb

Direct Known Subclasses

AwsKmsProvider, EnvProvider

Instance Method Summary

• #decrypt_data_key(encrypted_key) ⇒ Object

  Returns the plaintext DEK (32 bytes).

• #generate_data_key ⇒ Object

  Returns { plaintext_key: String (32 bytes), encrypted_key: String }.

• #key_id ⇒ Object

  Stable identifier for the specific key material in use (e.g. CMK ARN, env var name).

• #provider_id ⇒ Object

  Short ASCII string embedded in every encrypted file header.

• #rotate_data_key(encrypted_key) ⇒ Object
• #wrap_data_key(plaintext_dek) ⇒ Object

  Wraps an existing plaintext DEK under this provider’s master key.

Instance Method Details

#decrypt_data_key(encrypted_key) ⇒ Object

Returns the plaintext DEK (32 bytes). Caller must zero it after use.

Raises:

• (NotImplementedError)

# File 'lib/active_cipher_storage/providers/base.rb', line 10

def decrypt_data_key(encrypted_key)
  raise NotImplementedError, "#{self.class}#decrypt_data_key is not implemented"
end

#generate_data_key ⇒ Object

Returns { plaintext_key: String (32 bytes), encrypted_key: String }

Raises:

• (NotImplementedError)

# File 'lib/active_cipher_storage/providers/base.rb', line 5

def generate_data_key
  raise NotImplementedError, "#{self.class}#generate_data_key is not implemented"
end

#key_id ⇒ Object

Stable identifier for the specific key material in use (e.g. CMK ARN, env var name). Stored in blob metadata for rotation queries. Returns nil for providers where key identity is not meaningful.

# File 'lib/active_cipher_storage/providers/base.rb', line 28

def key_id
  nil
end

#provider_id ⇒ Object

Short ASCII string embedded in every encrypted file header.

Raises:

• (NotImplementedError)

# File 'lib/active_cipher_storage/providers/base.rb', line 21

def provider_id
  raise NotImplementedError, "#{self.class}#provider_id is not implemented"
end

#rotate_data_key(encrypted_key) ⇒ Object

Raises:

• (Errors::UnsupportedOperation)

# File 'lib/active_cipher_storage/providers/base.rb', line 32

def rotate_data_key(encrypted_key)
  raise Errors::UnsupportedOperation,
        "#{self.class} does not support key rotation"
end

#wrap_data_key(plaintext_dek) ⇒ Object

Wraps an existing plaintext DEK under this provider’s master key. Used during key rotation to re-protect a DEK without re-encrypting the file.

Raises:

• (NotImplementedError)

# File 'lib/active_cipher_storage/providers/base.rb', line 16

def wrap_data_key(plaintext_dek)
  raise NotImplementedError, "#{self.class}#wrap_data_key is not implemented"
end