Class: KubeKrypt::Decryptor

Inherits:

Object

• Object
• KubeKrypt::Decryptor

Defined in:

lib/kubekrypt/decryptor.rb

Instance Attribute Summary

• #client ⇒ Object readonly

  Returns the value of attribute client.

• #key_name ⇒ Object readonly

  Returns the value of attribute key_name.

Class Method Summary

• .call(content:, base64:) ⇒ Object

Instance Method Summary

• #call(encodedtext, base64: false) ⇒ Object
• #initialize(key_name) ⇒ Decryptor constructor

  A new instance of Decryptor.

Constructor Details

#initialize(key_name) ⇒ Decryptor

Returns a new instance of Decryptor.

# File 'lib/kubekrypt/decryptor.rb', line 5

def initialize(key_name)
  @client = Google::Cloud::Kms.key_management_service
  @key_name = key_name
end

Instance Attribute Details

#client ⇒ Object (readonly)

Returns the value of attribute client.

# File 'lib/kubekrypt/decryptor.rb', line 3

def client
  @client
end

#key_name ⇒ Object (readonly)

Returns the value of attribute key_name.

# File 'lib/kubekrypt/decryptor.rb', line 3

def key_name
  @key_name
end

Class Method Details

.call(content:, base64:) ⇒ Object

# File 'lib/kubekrypt/decryptor.rb', line 22

def self.call(content:, base64:)
  unless content["data"]
    raise InvalidSecretError, "no data key found — nothing to decrypt"
  end

  key_name = content.fetch(METADATA_KEY).fetch(KMS_KEY.to_s)
  decryptor = new(key_name)
  content["data"].transform_values! { |encodedtext| decryptor.call(encodedtext, base64:) }
  content.delete(METADATA_KEY)
  content.to_yaml
end

Instance Method Details

#call(encodedtext, base64: false) ⇒ Object

# File 'lib/kubekrypt/decryptor.rb', line 10

def call(encodedtext, base64: false)
  ciphertext = Base64.strict_decode64(encodedtext.sub("#{ENC_PREFIX}:", ""))

  result = client.decrypt(name: key_name, ciphertext:).plaintext

  if base64
    Base64.strict_encode64(result)
  else
    result
  end
end