Module: Legion::Crypt::Erasure
Constant Summary
Logging::Helper::CompatLogger
Class Method Summary
handle_exception, log
Class Method Details
.erase_tenant(tenant_id:) ⇒ Object
# File 'lib/legion/crypt/erasure.rb', line 11
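# Crypto-shreds a tenant by deleting its master key from the key store.
#
# The deletion backend is picked at call time: Legion::Crypt.delete when that
# method exists, otherwise delete_vault_key when Legion::Crypt::Vault is
# defined. When neither is available the call now fails instead of reporting
# success, so a tenant is never recorded (log line, event, return value) as
# erased while nothing was deleted.
#
# @param tenant_id [Object] tenant identifier; interpolated into the key path
# @return [Hash] { erased: true, tenant_id:, path: } once the delete call
#   returned without raising; { erased: false, tenant_id:, error: } when
#   anything raised (the exception goes to handle_exception, it is not re-raised)
def erase_tenant(tenant_id:)
  # NOTE(review): tenant_id is interpolated without validation here; an empty
  # value or one containing "/" or ".." would address a different path than the
  # tenant's own key. Confirm that callers validate it before this point.
  key_path = "#{tenant_prefix}/#{tenant_id}/master_key"
  log.info "[crypt] Erasing tenant #{tenant_id}"

  # NOTE(review): the return value of the delete call is not inspected;
  # presumably a failed delete raises. Whether older versions or backups of the
  # key survive a delete depends on the backend -- confirm for the store in use.
  if Legion::Crypt.respond_to?(:delete)
    Legion::Crypt.delete(key_path)
  elsif defined?(Legion::Crypt::Vault)
    delete_vault_key(key_path)
  else
    # Without a backend nothing was deleted: fail so the rescue below reports
    # erased: false instead of emitting a false erasure record.
    raise 'No key deletion backend is available'
  end

  # Event and warn-level log line are produced only after the delete call returned.
  Legion::Events.emit('crypt.tenant_erased', { tenant_id: tenant_id, erased_at: Time.now.utc }) if defined?(Legion::Events)
  log.warn "[crypt] Tenant #{tenant_id} cryptographically erased"
  { erased: true, tenant_id: tenant_id, path: key_path }
rescue StandardError => e
  handle_exception(e, level: :error, operation: 'crypt.erasure.erase_tenant', tenant_id: tenant_id)
  { erased: false, tenant_id: tenant_id, error: e.message }
end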
|
.verify_erasure(tenant_id:) ⇒ Object
# File 'lib/legion/crypt/erasure.rb', line 29
# Checks whether a tenant's master key can still be read from the key store.
#
# The tenant counts as erased only when Legion::Crypt.read returns nil for the
# master-key path. Every failure (read unavailable, read raising) is reported
# as erased: false, so an error never counts as proof of erasure.
#
# NOTE(review): a nil read shows only that no current value is readable at this
# path; whether older versions or backups of the key still exist depends on the
# backend -- confirm before treating this as evidence of erasure.
#
# @param tenant_id [Object] tenant identifier; interpolated into the key path
# @return [Hash] { erased: true/false, tenant_id: } after a completed read;
#   { erased: false, tenant_id:, error: } when anything raised (the exception
#   goes to handle_exception at :warn level, it is not re-raised)
def verify_erasure(tenant_id:)
  master_key_path = "#{tenant_prefix}/#{tenant_id}/master_key"
  unless Legion::Crypt.respond_to?(:read)
    raise 'Legion::Crypt.read is unavailable'
  end

  key_gone = Legion::Crypt.read(master_key_path, nil).nil?
  log.info "Tenant erasure verification completed for #{tenant_id}: erased=#{key_gone}"
  { erased: key_gone, tenant_id: tenant_id }
rescue StandardError => failure
  handle_exception(failure, level: :warn, operation: 'crypt.erasure.verify_erasure', tenant_id: tenant_id)
  { erased: false, tenant_id: tenant_id, error: failure.message }
end
|