class SecureDataBag::NestedDecryptor
Decryptor object responsible for decrypting the encrypted_hash with the secret. This functions similarly to how Chef::EncryptedDataBagItem::Decryptor does, with the caveat that this is meant to decrypt entire objects and not single values.
@since 3.0.0
Attributes
The decrypted hash @since 3.0.0
The keys found that had to be decrypted in the hash @since 3.0.0
The encrypted hash received @since 3.0.0
The format of this DataBagItem. May be one of:
- encrypted refers to an EncryptedDataBagItem
- nested refers to a SecureDataBagItem with nested values
- plain refers to a plain DataBagItem
@since 3.0.0
Public Class Methods
Initializer
@param encrypted_hash [Hash,String] the encrypted hash to decrypt
@param secret [String] the secret to decrypt with
@param metadata [Hash] the optional metadata to configure the decryptor
@since 3.0.0
    # File lib/secure_data_bag/decryptor.rb, line 58
    def initialize(encrypted_hash, secret, metadata = {})
      @secret = secret
      @decrypted_keys = []
      @encrypted_hash = encrypted_hash
      @decrypted_hash = {}
      @format = metadata[:decryption_format] ||
                if @encrypted_hash.key?(SecureDataBag::METADATA_KEY)
                  'nested'
                elsif encrypted?(@encrypted_hash)
                  'encrypted'
                elsif partially_encrypted?(@encrypted_hash)
                  'nested'
                else
                  'plain'
                end
    end
Public Instance Methods
Method called to decrypt the data structure and return it.
@return [Mix] the unencrypted value
@since 3.0.0
    # File lib/secure_data_bag/decryptor.rb, line 87
    def decrypt
      decrypt_data(@encrypted_hash)
    end
Method called to decrypt the data structure and return it.
@return [Mix] the unencrypted value
@since 3.0.0
    # File lib/secure_data_bag/decryptor.rb, line 80
    def decrypt!
      @decrypted_hash = decrypt
    end
Method name preserved for compatibility with Chef::EncryptedDataBagItem::Decryptor. @since 3.0.0
Private Instance Methods
Decrypt a possibly encrypted value
@param raw_hash [Hash] a potentially encrypted hash
@return [Hash] the unencrypted value
@since 3.0.0
    # File lib/secure_data_bag/decryptor.rb, line 102
    def decrypt_data(raw_hash)
      if looks_like_encrypted?(raw_hash)
        decrypt_value(raw_hash)
      else
        decrypt_hash(raw_hash)
      end
    end
Decrypt a hash potentially containing nested encrypted values.
Additionally, this method will attempt to keep track of the names of each encrypted key.
@param hash [Hash] a potentially encrypted hash
@return [Hash] the unencrypted value
@since 3.0.0
    # File lib/secure_data_bag/decryptor.rb, line 118
    def decrypt_hash(hash)
      decrypted_hash = Mash.new
      hash.each do |key, value|
        value = if looks_like_encrypted?(value)
                  @decrypted_keys.push(key) unless @decrypted_keys.include?(key)
                  decrypt_value(value)
                elsif value.is_a?(Hash)
                  decrypt_hash(value)
                else
                  value
                end
        decrypted_hash[key] = value
      end
      decrypted_hash
    end
Decrypt an encrypted value
@param hash [Hash] the encrypted value as a hash
@return [Mix] the unencrypted value
@since 3.0.0
    # File lib/secure_data_bag/decryptor.rb, line 140
    def decrypt_value(value)
      case @format
      when 'plain' then value
      else
        Chef::EncryptedDataBagItem::Decryptor
          .for(value, @secret).for_decrypted_item
      end
    end
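The recursive walk performed by decrypt_hash and decrypt_value, as an added stand-alone example that is not code from the secure_data_bag gem. It assumes a hypothetical marker-key check in place of looks_like_encrypted? (which this page does not show) and a stand-in AES-256-GCM cipher in place of Chef::EncryptedDataBagItem::Decryptor; the sample item and secret are constructed.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Assumed marker keys of an encrypted value (hypothetical, for this sketch only).
MARKER_KEYS = %w[encrypted_data iv cipher].freeze

# Stand-in for looks_like_encrypted?: the check is purely structural.
def looks_like_encrypted?(value)
  value.is_a?(Hash) && MARKER_KEYS.all? { |k| value.key?(k) }
end

# Stand-in cipher: AES-256-GCM keyed with SHA-256 of the shared secret.
def seal(plain, secret)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = OpenSSL::Digest::SHA256.digest(secret)
  iv = c.random_iv
  data = c.update(JSON.generate({ 'v' => plain })) + c.final
  { 'encrypted_data' => Base64.strict_encode64(data), 'iv' => Base64.strict_encode64(iv),
    'auth_tag' => Base64.strict_encode64(c.auth_tag), 'cipher' => 'aes-256-gcm' }
end

# Raises OpenSSL::Cipher::CipherError on a wrong secret or tampered value.
def open_sealed(value, secret)
  c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  c.key = OpenSSL::Digest::SHA256.digest(secret)
  c.iv = Base64.strict_decode64(value['iv'])
  c.auth_tag = Base64.strict_decode64(value['auth_tag'])
  JSON.parse(c.update(Base64.strict_decode64(value['encrypted_data'])) + c.final)['v']
end

# Decrypt marked values, recurse into other hashes, pass the rest through.
# Decrypted key names are recorded once each, by name only (not by path).
def walk(hash, secret, seen)
  hash.each_with_object({}) do |(key, value), acc|
    acc[key] = if looks_like_encrypted?(value)
                 seen.push(key) unless seen.include?(key)
                 open_sealed(value, secret)
               elsif value.is_a?(Hash) then walk(value, secret, seen)
               else value
               end
  end
end

# Constructed sample: plaintext metadata mixed with encrypted leaves.
def demo(secret = 'constructed-secret')
  item = { 'id' => 'db', 'mysql' => { 'user' => 'app', 'password' => seal('s3cr3t', secret) },
           'replica' => { 'password' => seal('r3plica', secret) }, 'token' => seal({ 'a' => 1 }, secret) }
  seen = []
  [walk(item, secret, seen), seen]
end
```

Because key names are tracked without their path, the two `password` entries in the sample produce a single tracked name, so the tracked list cannot tell which nested location held an encrypted value.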