module Chef::EncryptedDataBagItem::Decryptor

Decryptor

For backwards compatibility, Chef implements decryption/deserialization for
older encrypted data bag item formats in addition to the current version.
Each decryption/deserialization strategy is implemented as a class in this
namespace. For convenience the factory method +Decryptor.for()+ can be used
to create an instance of the appropriate strategy for the given encrypted
data bag value.

Public Class Methods

for(encrypted_value, key)

Detects the encrypted data bag item format version and instantiates a decryptor object for that version. Call for_decrypted_item on the resulting object to decrypt and deserialize it.

# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 44
def self.for(encrypted_value, key)
  format_version = format_version_of(encrypted_value)
  assert_format_version_acceptable!(format_version)
  case format_version
  when 3
    Version3Decryptor.new(encrypted_value, key)
  when 2
    Version2Decryptor.new(encrypted_value, key)
  when 1
    Version1Decryptor.new(encrypted_value, key)
  when 0
    Version0Decryptor.new(encrypted_value, key)
  else
    raise UnsupportedEncryptedDataBagItemFormat,
      "This version of chef does not support encrypted data bag item format version '#{format_version}'"
  end
end

format_version_of(encrypted_value)

# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 62
def self.format_version_of(encrypted_value)
  if encrypted_value.respond_to?(:key?)
    encrypted_value["version"]
  else
    0
  end
end
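
The detection rule above treats any value that is not Hash-like as format version 0, and a Hash whose "version" is missing or not an Integer matches none of the `when` branches in +Decryptor.for()+. The following is an added example, not part of Chef's code: a stand-alone audit that applies the same rule to a raw data bag item and reports which values fall below a chosen minimum version. The names `detect_version`, `classify`, `audit_item` and `MINIMUM_VERSION`, the sample item, and the skipping of the plaintext "id" field are assumptions made for this example.

```ruby
require "json"

# Hypothetical policy value for this example: lowest format version we accept.
MINIMUM_VERSION = 2

# Same rule as format_version_of on this page: a Hash-like value carries its
# version under "version"; anything else is treated as version 0.
def detect_version(encrypted_value)
  encrypted_value.respond_to?(:key?) ? encrypted_value["version"] : 0
end

# Classify one value as :ok, :below_minimum or :malformed. A missing or
# non-Integer version is :malformed because the dispatcher's `case` only
# matches the Integers 0 through 3.
def classify(encrypted_value, minimum = MINIMUM_VERSION)
  version = detect_version(encrypted_value)
  return [:malformed, version] unless version.is_a?(Integer) && (0..3).cover?(version)

  [version >= minimum ? :ok : :below_minimum, version]
end

# Audit a raw data bag item given as JSON text. The "id" field is skipped
# (assumption of this example: it is stored unencrypted).
def audit_item(json_text, minimum = MINIMUM_VERSION)
  item = JSON.parse(json_text)
  item.reject { |name, _| name == "id" }
      .to_h { |name, value| [name, classify(value, minimum)] }
end

# Constructed sample item; the base64 strings are placeholders, not ciphertext.
SAMPLE_ITEM = <<~JSON
  {
    "id": "db_creds",
    "password":       {"encrypted_data": "Q09OU1RSVUNURUQ=", "version": 3},
    "api_token":      {"encrypted_data": "Q09OU1RSVUNURUQ=", "version": 1},
    "legacy_secret":  "Q09OU1RSVUNURUQ=",
    "no_version":     {"encrypted_data": "Q09OU1RSVUNURUQ="},
    "string_version": {"encrypted_data": "Q09OU1RSVUNURUQ=", "version": "3"}
  }
JSON

if __FILE__ == $PROGRAM_NAME
  audit_item(SAMPLE_ITEM).each do |field, (status, version)|
    puts "#{field}: #{status} (version=#{version.inspect})"
  end
end
```

Values reported as :below_minimum or :malformed are candidates for re-encryption in a current format.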