Class: ActiveRecord::Encryption::KeyProvider
- Inherits:
- 
      Object
      
        - Object
- ActiveRecord::Encryption::KeyProvider
 
- Defined in:
- lib/active_record/encryption/key_provider.rb
Overview
A KeyProvider serves keys:
- 
An encryption key 
- 
A list of potential decryption keys. Serving multiple decryption keys supports rotation-schemes where new keys are added but old keys need to continue working 
Direct Known Subclasses
Instance Method Summary collapse
- 
  
    
      #decryption_keys(encrypted_message)  ⇒ Object 
    
    
  
  
  
  
  
  
  
  
  
    Returns the list of decryption keys. 
- 
  
    
      #encryption_key  ⇒ Object 
    
    
  
  
  
  
  
  
  
  
  
    Returns the first key in the list as the active key to perform encryptions. 
- 
  
    
      #initialize(keys)  ⇒ KeyProvider 
    
    
  
  
  
    constructor
  
  
  
  
  
  
  
    A new instance of KeyProvider. 
Constructor Details
#initialize(keys) ⇒ KeyProvider
Returns a new instance of KeyProvider.
| 11 12 13 | # File 'lib/active_record/encryption/key_provider.rb', line 11 def initialize(keys) @keys = Array(keys) end | 
Instance Method Details
#decryption_keys(encrypted_message) ⇒ Object
Returns the list of decryption keys
When the message holds a reference to its encryption key, it will return an array with that key. If not, it will return the list of keys.
| 32 33 34 35 36 37 38 | # File 'lib/active_record/encryption/key_provider.rb', line 32 def decryption_keys() if .headers.encrypted_data_key_id keys_grouped_by_id[.headers.encrypted_data_key_id] else @keys end end | 
#encryption_key ⇒ Object
Returns the first key in the list as the active key to perform encryptions
When ActiveRecord::Encryption.config.store_key_references is true, the key will include a public tag referencing the key itself. That key will be stored in the public headers of the encrypted message
| 20 21 22 23 24 25 26 | # File 'lib/active_record/encryption/key_provider.rb', line 20 def encryption_key @encryption_key ||= @keys.last.tap do |key| key..encrypted_data_key_id = key.id if ActiveRecord::Encryption.config.store_key_references end @encryption_key end |