Class: ActiveSupport::EncryptedFile
Relationships & Source Files | |
Namespace Children | |
Exceptions:
| |
Extension / Inclusion / Inheritance Descendants | |
Subclasses:
|
|
Inherits: | Object |
Defined in: | activesupport/lib/active_support/encrypted_file.rb |
Constant Summary
-
CIPHER =
# File 'activesupport/lib/active_support/encrypted_file.rb', line 29"aes-128-gcm"
Class Method Summary
Instance Attribute Summary
- #content_path readonly
- #env_key readonly
- #key readonly
-
#key? ⇒ Boolean
readonly
Returns truthy if #key is truthy.
- #key_path readonly
- #raise_if_missing_key readonly
Instance Method Summary
- #change(&block)
-
#read
Reads the file and returns the decrypted content.
- #write(contents)
Constructor Details
.new(content_path:, key_path:, env_key:, raise_if_missing_key:) ⇒ EncryptedFile
# File 'activesupport/lib/active_support/encrypted_file.rb', line 42
def initialize(content_path:, key_path:, env_key:, raise_if_missing_key:) @content_path = Pathname.new(content_path).yield_self { |path| path.symlink? ? path.realpath : path } @key_path = Pathname.new(key_path) @env_key, @raise_if_missing_key = env_key, raise_if_missing_key end
Class Method Details
.generate_key
[ GitHub ]# File 'activesupport/lib/active_support/encrypted_file.rb', line 31
def self.generate_key SecureRandom.hex(ActiveSupport::MessageEncryptor.key_len(CIPHER)) end
Instance Attribute Details
#content_path (readonly)
[ GitHub ]# File 'activesupport/lib/active_support/encrypted_file.rb', line 40
attr_reader :content_path, :key_path, :env_key, :raise_if_missing_key
#env_key (readonly)
[ GitHub ]# File 'activesupport/lib/active_support/encrypted_file.rb', line 40
attr_reader :content_path, :key_path, :env_key, :raise_if_missing_key
#key (readonly)
Returns the encryption key, first trying the environment variable specified by #env_key, then trying the key file specified by #key_path. If #raise_if_missing_key is true, raises EncryptedFile::MissingKeyError
if the environment variable is not set and the key file does not exist.
# File 'activesupport/lib/active_support/encrypted_file.rb', line 52
def key read_env_key || read_key_file || handle_missing_key end
#key? ⇒ Boolean
(readonly)
Returns truthy if #key is truthy. Returns falsy otherwise. Unlike #key, does not raise EncryptedFile::MissingKeyError
when #raise_if_missing_key is true.
# File 'activesupport/lib/active_support/encrypted_file.rb', line 58
def key? read_env_key || read_key_file end
#key_path (readonly)
[ GitHub ]# File 'activesupport/lib/active_support/encrypted_file.rb', line 40
attr_reader :content_path, :key_path, :env_key, :raise_if_missing_key
#raise_if_missing_key (readonly)
[ GitHub ]# File 'activesupport/lib/active_support/encrypted_file.rb', line 40
attr_reader :content_path, :key_path, :env_key, :raise_if_missing_key
Instance Method Details
#change(&block)
[ GitHub ]# File 'activesupport/lib/active_support/encrypted_file.rb', line 83
def change(&block) writing read, &block end
#read
Reads the file and returns the decrypted content.
Raises:
-
EncryptedFile::MissingKeyError
if the key is missing and #raise_if_missing_key is true. -
EncryptedFile::MissingContentError
if the encrypted file does not exist or otherwise if the key is missing. -
MessageEncryptor::InvalidMessage
if the content cannot be decrypted or verified.
# File 'activesupport/lib/active_support/encrypted_file.rb', line 70
def read if !key.nil? && content_path.exist? decrypt content_path.binread else raise MissingContentError, content_path end end
#write(contents)
[ GitHub ]# File 'activesupport/lib/active_support/encrypted_file.rb', line 78
def write(contents) IO.binwrite "#{content_path}.tmp", encrypt(contents) FileUtils.mv "#{content_path}.tmp", content_path end