Module: Legion::Crypt::Erasure
- Extended by:
- Logging::Helper
- Defined in:
- lib/legion/crypt/erasure.rb
Class Method Details
.erase_tenant(tenant_id:) ⇒ Object
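# File 'lib/legion/crypt/erasure.rb', line 11

# Deletes the master key stored at "<tenant_prefix>/<tenant_id>/master_key".
# The log messages describe this as cryptographic erasure of the tenant.
#
# Deletion goes through Legion::Crypt.delete when that method exists, otherwise
# through delete_vault_key when Legion::Crypt::Vault is defined. If neither
# backend is present the method fails instead of reporting success, so the
# 'crypt.tenant_erased' event and `erased: true` are only produced after a
# delete call has returned without raising.
#
# This method does not read the key back afterwards; use verify_erasure to
# confirm the key is gone.
# NOTE(review): confirm the backend delete removes every stored version of the
# key (not only the latest one) and that no cached or backed-up copy remains;
# neither is visible from this method.
#
# @param tenant_id [String] tenant identifier; must be a single, non-empty
#   path segment because it is interpolated into the key path
# @return [Hash] `{ erased: true, tenant_id:, path: }` on success, or
#   `{ erased: false, tenant_id:, error: }` when anything raised
def erase_tenant(tenant_id:)
  # A blank id or one containing "/" (or "." / "..") would address a key path
  # other than this tenant's own, and the delete below is destructive.
  segment = tenant_id.to_s
  if segment.empty? || segment.include?('/') || %w[. ..].include?(segment)
    raise ArgumentError, 'tenant_id must be a single non-empty path segment'
  end

  key_path = "#{tenant_prefix}/#{tenant_id}/master_key"
  log.info "[crypt] Erasing tenant #{tenant_id}"

  if Legion::Crypt.respond_to?(:delete)
    Legion::Crypt.delete(key_path)
  elsif defined?(Legion::Crypt::Vault)
    delete_vault_key(key_path)
  else
    # Without a backend nothing was deleted; do not claim the tenant is erased.
    raise 'No key deletion backend is available'
  end

  if defined?(Legion::Events)
    Legion::Events.emit('crypt.tenant_erased', { tenant_id: tenant_id, erased_at: Time.now.utc })
  end
  log.warn "[crypt] Tenant #{tenant_id} cryptographically erased"

  { erased: true, tenant_id: tenant_id, path: key_path }
rescue StandardError => e
  handle_exception(e, level: :error, operation: 'crypt.erasure.erase_tenant', tenant_id: tenant_id)
  { erased: false, tenant_id: tenant_id, error: e.message }
end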
.verify_erasure(tenant_id:) ⇒ Object
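# File 'lib/legion/crypt/erasure.rb', line 29

# Checks whether the master key at "<tenant_prefix>/<tenant_id>/master_key"
# can still be read through Legion::Crypt.read.
#
# The tenant is reported as erased only when the read returns nil. Any error
# (including Legion::Crypt.read being unavailable) yields `erased: false`, so
# a failed check is never mistaken for a confirmed erasure.
# NOTE(review): confirm that Legion::Crypt.read returns nil only when the key
# is absent, and not also when the backend is unreachable or access is denied;
# otherwise `erased: true` could be a false positive.
#
# @param tenant_id [String] tenant identifier; must be a single, non-empty
#   path segment because it is interpolated into the key path
# @return [Hash] `{ erased: true|false, tenant_id: }` when the read completed,
#   or `{ erased: false, tenant_id:, error: }` when anything raised
def verify_erasure(tenant_id:)
  # A blank or multi-segment id would probe some other path, and a nil read
  # there would wrongly be reported as a confirmed erasure of this tenant.
  segment = tenant_id.to_s
  if segment.empty? || segment.include?('/') || %w[. ..].include?(segment)
    raise ArgumentError, 'tenant_id must be a single non-empty path segment'
  end

  key_path = "#{tenant_prefix}/#{tenant_id}/master_key"
  raise 'Legion::Crypt.read is unavailable' unless Legion::Crypt.respond_to?(:read)

  # Second argument is passed as nil exactly as in the original call; its
  # meaning is defined by Legion::Crypt.read, which is not shown here.
  data = Legion::Crypt.read(key_path, nil)
  erased = data.nil?
  log.info "Tenant erasure verification completed for #{tenant_id}: erased=#{erased}"

  { erased: erased, tenant_id: tenant_id }
rescue StandardError => e
  handle_exception(e, level: :warn, operation: 'crypt.erasure.verify_erasure', tenant_id: tenant_id)
  { erased: false, tenant_id: tenant_id, error: e.message }
end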