Class: PatientHttp::SecretReference

Inherits:

Object

• Object
• PatientHttp::SecretReference

Defined in:

lib/patient_http/secret_reference.rb

Overview

A reference to a named secret that can be used as a header or query parameter value when building a Request.

A SecretReference holds only the secret’s name – never its value. When a request is serialized (for example, to be enqueued in a job system), the reference is serialized as a lightweight marker (‘=> name`) so the sensitive value is never written to the queue or logs. The actual value is resolved on the processor side at the moment the request is sent, using the secrets registered on the Configuration.

Examples:

Referencing a secret when building a request

PatientHttp.get(
  "https://api.example.com/data",
  callback: MyCallback,
  headers: {"Authorization" => PatientHttp.secret(:api_token)},
  params: {"api_key" => PatientHttp.secret(:api_key)}
)

Constant Summary

REFERENCE_KEY =

Key used in serialized JSON to indicate a secret reference.

"$secret"

Instance Attribute Summary

• #name ⇒ String readonly

  The name of the referenced secret.

Class Method Summary

• .load(value) ⇒ Object

  Reconstruct a SecretReference from a serialized marker hash.

• .reference?(value) ⇒ Boolean

  Check if a value is a secret reference (either a SecretReference instance or a serialized marker hash).

Instance Method Summary

• #==(other) ⇒ Object (also: #eql?)
• #as_json ⇒ Hash

  Serialize to a marker hash.

• #hash ⇒ Object
• #initialize(name) ⇒ SecretReference constructor

  Initialize a new SecretReference.

• #inspect ⇒ String

  Inspect the reference.

Constructor Details

#initialize(name) ⇒ SecretReference

Initialize a new SecretReference.

Parameters:

• name (String, Symbol) —

  the name of the secret to reference

Raises:

• (ArgumentError) —

  if the name is empty

# File 'lib/patient_http/secret_reference.rb', line 55

def initialize(name)
  @name = name.to_s
  raise ArgumentError.new("secret name cannot be empty") if @name.empty?
end

Instance Attribute Details

#name ⇒ String (readonly)

Returns the name of the referenced secret.

Returns:

• (String) —

  the name of the referenced secret

# File 'lib/patient_http/secret_reference.rb', line 26

def name
  @name
end

Class Method Details

.load(value) ⇒ Object

Reconstruct a SecretReference from a serialized marker hash. Any other value (including an existing SecretReference) is returned unchanged.

Parameters:

• value (Object) —

  a serialized marker hash or any other value

Returns:

• (Object) —

  a SecretReference for a marker hash, otherwise the original value

# File 'lib/patient_http/secret_reference.rb', line 44

def load(value)
  return value unless value.is_a?(Hash) && value.key?(REFERENCE_KEY)

  new(value[REFERENCE_KEY])
end

.reference?(value) ⇒ Boolean

Check if a value is a secret reference (either a SecretReference instance or a serialized marker hash).

Parameters:

• value (Object) —

  the value to check

Returns:

• (Boolean) —

  true if the value is a secret reference

# File 'lib/patient_http/secret_reference.rb', line 34

def reference?(value)
  value.is_a?(SecretReference) ||
    (value.is_a?(Hash) && value.key?(REFERENCE_KEY))
end

Instance Method Details

#==(other) ⇒ Object Also known as: eql?

# File 'lib/patient_http/secret_reference.rb', line 67

def ==(other)
  other.is_a?(SecretReference) && other.name == name
end

#as_json ⇒ Hash

Serialize to a marker hash. Only the name is included; the value is never present.

Returns:

• (Hash) —

  the marker hash

# File 'lib/patient_http/secret_reference.rb', line 63

def as_json
  {REFERENCE_KEY => name}
end

#hash ⇒ Object

# File 'lib/patient_http/secret_reference.rb', line 72

def hash
  [self.class, name].hash
end

#inspect ⇒ String

Inspect the reference. Only the name is shown (there is no value to leak).

Returns:

• (String)

# File 'lib/patient_http/secret_reference.rb', line 79

def inspect
  "#<PatientHttp::SecretReference name=#{name.inspect}>"
end