Class: ActiveRecord::Encryption::KeyProvider
| Relationships & Source Files | |
| Extension / Inclusion / Inheritance Descendants | |
|
Subclasses:
|
|
| Inherits: | Object |
| Defined in: | activerecord/lib/active_record/encryption/key_provider.rb |
Overview
A KeyProvider serves keys:
-
An encryption key
-
A list of potential decryption keys. Serving multiple decryption keys supports rotation-schemes where new keys are added but old keys need to continue working
Class Method Summary
- .new(keys) ⇒ KeyProvider constructor
Instance Method Summary
-
#decryption_keys(encrypted_message)
Returns the list of decryption keys.
-
#encryption_key
Returns the first key in the list as the active key to perform encryptions.
Constructor Details
.new(keys) ⇒ KeyProvider
# File 'activerecord/lib/active_record/encryption/key_provider.rb', line 11
def initialize(keys) @keys = Array(keys) end
Instance Method Details
#decryption_keys(encrypted_message)
Returns the list of decryption keys
When the message holds a reference to its encryption key, it will return an array with that key. If not, it will return the list of keys.
# File 'activerecord/lib/active_record/encryption/key_provider.rb', line 32
def decryption_keys() if .headers.encrypted_data_key_id keys_grouped_by_id[.headers.encrypted_data_key_id] else @keys end end
#encryption_key
Returns the first key in the list as the active key to perform encryptions
When ActiveRecord::Encryption.config.store_key_references is true, the key will include a public tag referencing the key itself. That key will be stored in the public headers of the encrypted message
# File 'activerecord/lib/active_record/encryption/key_provider.rb', line 20
def encryption_key @encryption_key ||= @keys.last.tap do |key| key..encrypted_data_key_id = key.id if ActiveRecord::Encryption.config.store_key_references end @encryption_key end