Class: ActiveCipherStorage::Configuration

Inherits:
Object
  • Object
show all
Defined in:
lib/active_cipher_storage/configuration.rb

Constant Summary collapse

ALGORITHMS =

Supported algorithm identifiers.

%w[aes-256-gcm].freeze
MINIMUM_S3_MULTIPART_PART_SIZE =

Minimum S3 multipart part size (except the last part). Streaming encryptors should use chunk_size >= this value when using S3 multipart.

5 * 1024 * 1024
DEFAULT_CHUNK_SIZE =

Default plaintext bytes per chunk when a caller does not pass chunk_size.

MINIMUM_S3_MULTIPART_PART_SIZE

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initializeConfiguration

Returns a new instance of Configuration.



17
18
19
20
21
22
23
24
 
# File 'lib/active_cipher_storage/configuration.rb', line 17

def initialize
  @config = ActiveSupport::OrderedOptions.new
  self.algorithm = "aes-256-gcm"
  self.encrypt_uploads = true
  self.logger = Logger.new($stdout, level: Logger::WARN)
  @provider_input = nil
  @provider = nil
end

Instance Attribute Details

#configObject (readonly)

Returns the value of attribute config.



15
16
17
 
# File 'lib/active_cipher_storage/configuration.rb', line 15

def config
  @config
end

Instance Method Details

#algorithmObject 



26
27
28
 
# File 'lib/active_cipher_storage/configuration.rb', line 26

def algorithm
  config.algorithm
end

#algorithm=(value) ⇒ Object 



30
31
32
 
# File 'lib/active_cipher_storage/configuration.rb', line 30

def algorithm=(value)
  config.algorithm = value
end

#encrypt_uploadsObject 



34
35
36
 
# File 'lib/active_cipher_storage/configuration.rb', line 34

def encrypt_uploads
  config.encrypt_uploads
end

#encrypt_uploads=(value) ⇒ Object 



38
39
40
 
# File 'lib/active_cipher_storage/configuration.rb', line 38

def encrypt_uploads=(value)
  config.encrypt_uploads = value
end

#loggerObject 



42
43
44
 
# File 'lib/active_cipher_storage/configuration.rb', line 42

def logger
  config.logger
end

#logger=(value) ⇒ Object 



46
47
48
 
# File 'lib/active_cipher_storage/configuration.rb', line 46

def logger=(value)
  config.logger = value
end

#providerObject 



56
57
58
 
# File 'lib/active_cipher_storage/configuration.rb', line 56

def provider
  @provider ||= resolve_provider_input
end

#provider=(value) ⇒ Object

Sets the KMS provider. Use a shorthand symbol or string, or pass a custom Providers::Base instance:

config.provider = :env
config.provider = :aws_kms
config.provider = "aws:kms"
config.provider_options[:key_id] = "arn:..." # optional; see provider docs
config.provider = MyKmsProvider.new



68
69
70
71
72
73
74
75
76
77
78
 
# File 'lib/active_cipher_storage/configuration.rb', line 68

def provider=(value)
  @provider = nil
  @provider_input = case value
                    when Providers::Base, Symbol, String, NilClass then value
                    else
                      raise ArgumentError,
                            "provider must be a Providers::Base instance, " \
                            "a supported symbol/string (:env, :aws_kms, \"aws:kms\"), " \
                            "or nil — got #{value.inspect}"
                    end
end

#provider_optionsObject

Keyword arguments for built-in providers (‘:env`, `:aws_kms`, `“aws:kms”`, etc.), passed through to EnvProvider / AwsKmsProvider.



52
53
54
 
# File 'lib/active_cipher_storage/configuration.rb', line 52

def provider_options
  config.provider_options ||= ActiveSupport::OrderedOptions.new
end

#validate!Object

Raises:



80
81
82
83
84
85
86
87
88
89
90
91
92
 
# File 'lib/active_cipher_storage/configuration.rb', line 80

def validate!
  raise ProviderError, "No KMS provider configured. " \
        "Set ActiveCipherStorage.configuration.provider." unless provider

  unless ALGORITHMS.include?(algorithm)
    raise ArgumentError, "Unsupported algorithm: #{algorithm.inspect}. " \
          "Supported: #{ALGORITHMS.join(', ')}"
  end

  return if [true, false].include?(encrypt_uploads)

  raise ArgumentError, "encrypt_uploads must be true or false"
end