Class: Slk::Services::Encryption

Inherits:

Object

• Object
• Slk::Services::Encryption

Defined in:

lib/slk/services/encryption.rb

Overview

Encrypts/decrypts tokens using age with SSH keys

Constant Summary

SUPPORTED_KEY_TYPES =

%w[ssh-rsa ssh-ed25519].freeze

Instance Attribute Summary

• #on_prompt_pub_key ⇒ Object

  Returns the value of attribute on_prompt_pub_key.

Instance Method Summary

• #available? ⇒ Boolean
• #decrypt(encrypted_file, ssh_key_path) ⇒ String^?

  Decrypt an age-encrypted file using an SSH key.

• #encrypt(content, ssh_key_path, output_file) ⇒ Object

  Encrypt content using age with an SSH public key.

• #validate_key_type!(ssh_key_path) ⇒ true

  Validate that the SSH key is a type supported by age.

Instance Attribute Details

#on_prompt_pub_key ⇒ Object

Returns the value of attribute on_prompt_pub_key.

# File 'lib/slk/services/encryption.rb', line 11

def on_prompt_pub_key
  @on_prompt_pub_key
end

Instance Method Details

#available? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/slk/services/encryption.rb', line 13

def available?
  # Cross-platform check for age command
  _output, _error, status = Open3.capture3('age', '--version')
  status.success?
rescue Errno::ENOENT
  false
end

#decrypt(encrypted_file, ssh_key_path) ⇒ String^?

Decrypt an age-encrypted file using an SSH key

Parameters:

• encrypted_file (String) —

  Path to the encrypted file

• ssh_key_path (String) —

  Path to the SSH private key

Returns:

• (String, nil) —

  Decrypted content, or nil if file doesn’t exist

Raises:

• (EncryptionError) —

  If age tool not available, key not found, or decryption fails

# File 'lib/slk/services/encryption.rb', line 51

def decrypt(encrypted_file, ssh_key_path)
  return nil unless File.exist?(encrypted_file)

  raise EncryptionError, 'age encryption tool not available' unless available?
  raise EncryptionError, "SSH key not found: #{ssh_key_path}" unless File.exist?(ssh_key_path)

  run_age_decrypt(encrypted_file, ssh_key_path)
end

#encrypt(content, ssh_key_path, output_file) ⇒ Object

Encrypt content using age with an SSH public key

Parameters:

• content (String) —

  The content to encrypt

• ssh_key_path (String) —

  Path to the SSH private key (public key at .pub)

• output_file (String) —

  Path where encrypted output will be written

Raises:

• (EncryptionError) —

  If age tool not available or public key not found

# File 'lib/slk/services/encryption.rb', line 39

def encrypt(content, ssh_key_path, output_file)
  raise EncryptionError, 'age encryption tool not available' unless available?

  public_key = find_public_key(ssh_key_path)
  run_age_encrypt(content, public_key, output_file)
end

#validate_key_type!(ssh_key_path) ⇒ true

Validate that the SSH key is a type supported by age

Parameters:

• ssh_key_path (String) —

  Path to the SSH private key (public key at .pub)

Returns:

• (true) —

  if valid

Raises:

• (EncryptionError) —

  if private key not found, public key not found, key type is unsupported, or public key doesn’t match private key

# File 'lib/slk/services/encryption.rb', line 26

def validate_key_type!(ssh_key_path)
  raise EncryptionError, "Private key not found: #{ssh_key_path}" unless File.exist?(ssh_key_path)

  public_key = find_public_key(ssh_key_path)
  validate_public_key_type!(public_key)
  validate_key_pair_match!(ssh_key_path, public_key)
end