class ActiveRecord::Encryption::KeyProvider

where new keys are added but old keys need to continue working
* A list of potential decryption keys. Serving multiple decryption keys supports rotation-schemes
* An encryption key
A KeyProvider serves keys:

def decryption_keys(encrypted_message)

with that key. If not, it will return the list of keys.
When the message holds a reference to its encryption key, it will return an array

Returns the list of decryption keys

def decryption_keys(encrypted_message)
  if encrypted_message.headers.encrypted_data_key_id
    keys_grouped_by_id[encrypted_message.headers.encrypted_data_key_id]
  else
    @keys
  end
end

def encryption_key

headers of the encrypted message
a public tag referencing the key itself. That key will be stored in the public
When +ActiveRecord::Encryption.config.store_key_references+ is true, the key will include

Returns the first key in the list as the active key to perform encryptions

def encryption_key
  @encryption_key ||= @keys.last.tap do |key|
    key.public_tags.encrypted_data_key_id = key.id if ActiveRecord::Encryption.config.store_key_references
  end
  @encryption_key
end

def initialize(keys)

def initialize(keys)
  @keys = Array(keys)
end

def keys_grouped_by_id

def keys_grouped_by_id
  @keys_grouped_by_id ||= @keys.group_by(&:id)
end

Modules

Classes

class ActiveRecord::Encryption::KeyProvider

def decryption_keys(encrypted_message)

def encryption_key

def initialize(keys)

def keys_grouped_by_id

Namespace

Instance Methods

Defined in