| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Use case:
I'm writing a wrapper around MessageEncryptor to make things easier
to rotate a secret in our app.
It works something like
```ruby
crypt = RotatableSecret.new(['old_secret', 'new_secret'])
crypt.decrypt_and_verify(message)
```
I'd like the caller to not have to care about passing the
`on_rotation` option and have the wrapper deal with it when
instantiating the MessageEncryptor object.
Also, almost all of the time the on_rotation should be the same when
rotating a secret (logging something or StatsD event) so I think
it's not worth having to repeat ourselves each time we decrypt a message.
|
| |
|
|
|
|
|
|
| |
Noticed that verifiers and encryptors never once mentioned key generators
and salts but only concerned themselves with generated secrets.
Clears up the confusing naming around raw_key and secret as well. And
makes the rotation API follow the constructor signature to the letter.
|
| |
|
|
|
|
| |
Spares users from passing in non-changing values explicitly.
[ Michael Coyne & Kasper Timm Hansen ]
|
|
|
Both classes now have a rotate method where new instances are added for
each call. When decryption or verification fails the next rotation
instance is tried.
|
