diff --git a/app/services/encryption/encryptors/session_encryptor.rb b/app/services/encryption/encryptors/session_encryptor.rb index 8227aca57d6..7fff16795e5 100644 --- a/app/services/encryption/encryptors/session_encryptor.rb +++ b/app/services/encryption/encryptors/session_encryptor.rb @@ -5,7 +5,7 @@ class SessionEncryptor def encrypt(plaintext) aes_ciphertext = AesEncryptor.new.encrypt(plaintext, aes_encryption_key) - kms_ciphertext = encrypt_with_kms(aes_ciphertext) + kms_ciphertext = KmsClient.new.encrypt(aes_ciphertext, 'context' => 'session-encryption') encode(kms_ciphertext) end @@ -18,14 +18,6 @@ def decrypt(ciphertext) private - def encrypt_with_kms(ciphertext) - if FeatureManagement.use_kms_context_for_sessions? - KmsClient.new.encrypt(ciphertext, 'context' => 'session-encryption') - else - ContextlessKmsClient.new.encrypt(ciphertext) - end - end - def aes_encryptor AesEncryptor.new end diff --git a/config/application.yml.example b/config/application.yml.example index 09c4a976617..a8402e15931 100644 --- a/config/application.yml.example +++ b/config/application.yml.example @@ -207,7 +207,6 @@ development: twilio_record_voice: 'true' use_dashboard_service_providers: 'true' use_kms: 'false' - use_kms_context_for_sessions: 'false' usps_confirmation_max_days: '10' enable_load_testing_mode: 'false' usps_download_sftp_directory: '/undeliverable' @@ -323,7 +322,6 @@ production: twilio_record_voice: 'false' twilio_verify_api_key: 'change-me' use_kms: 'true' - use_kms_context_for_sessions: 'false' usps_confirmation_max_days: '30' enable_load_testing_mode: 'false' usps_download_sftp_directory: @@ -443,7 +441,6 @@ test: twilio_record_voice: 'true' twilio_verify_api_key: 'secret' use_kms: 'false' - use_kms_context_for_sessions: 'true' usps_confirmation_max_days: '10' enable_load_testing_mode: 'false' usps_download_sftp_directory: '/undeliverable' diff --git a/lib/feature_management.rb b/lib/feature_management.rb index aca96103fc9..78a4bc92700 100644 --- a/lib/feature_management.rb +++ b/lib/feature_management.rb @@ -105,8 +105,4 @@ def self.backup_codes_enabled? def self.send_new_device_sms? Figaro.env.send_new_device_sms == 'true' end - - def self.use_kms_context_for_sessions? - Figaro.env.use_kms_context_for_sessions == 'true' - end end diff --git a/spec/services/encryption/encryptors/session_encryptor_spec.rb b/spec/services/encryption/encryptors/session_encryptor_spec.rb index 027cc83e270..3da8290c0f7 100644 --- a/spec/services/encryption/encryptors/session_encryptor_spec.rb +++ b/spec/services/encryption/encryptors/session_encryptor_spec.rb @@ -23,34 +23,14 @@ expect(ciphertext).to eq(expected_ciphertext) end - context 'when use_kms_context_for_sessions is true' do - before do - allow(FeatureManagement).to receive(:use_kms_context_for_sessions?).and_return(true) - end - - it 'sets an encryption context' do - client = instance_double(Encryption::KmsClient) - expect(client).to receive(:encrypt).with( - instance_of(String), 'context' => 'session-encryption' - ).and_return('kms_ciphertext') - allow(Encryption::KmsClient).to receive(:new).and_return(client) - - subject.encrypt(plaintext) - end - end - - context 'when use_kms_context_for_sessions is false' do - before do - allow(FeatureManagement).to receive(:use_kms_context_for_sessions?).and_return(false) - end - - it 'does not set an encryption context' do - client = instance_double(Encryption::ContextlessKmsClient) - expect(client).to receive(:encrypt).with(instance_of(String)).and_return('kms_ciphertext') - allow(Encryption::ContextlessKmsClient).to receive(:new).and_return(client) - - subject.encrypt(plaintext) - end + it 'sets an encryption context' do + client = instance_double(Encryption::KmsClient) + expect(client).to receive(:encrypt).with( + instance_of(String), 'context' => 'session-encryption' + ).and_return('kms_ciphertext') + allow(Encryption::KmsClient).to receive(:new).and_return(client) + + subject.encrypt(plaintext) end end