class ZuoraConnect::AppInstanceBase

def kms_encrypt(value, encryption_type: ZuoraConnect.configuration.encryption_type)
  kms_tries ||= 0
  case encryption_type
  when :direct
    resp = kms_client.encrypt({key_id: kms_key(raise_on_blank: true), plaintext: value})
    return resp.ciphertext_blob.unpack('H*').first
  when :envelope
    cipher = fetch_cipher('encrypt')
    value = cipher.update(value.to_s)
    value << cipher.final
    return Base64.strict_encode64(value)
  else
    ZuoraConnect::Exceptions::Error.new("Invalid encryption method '#{encryption_type}'.")
  end
rescue *AWS_AUTH_ERRORS => ex
  if (kms_tries += 1) < 3
    Rails.logger.warn(AWS_AUTH_ERRORS_MSG, ex)
    retry
  else
    Rails.logger.error(AWS_AUTH_ERRORS_MSG, ex)
    raise
  end
end