class SecureDataBag::NestedEncryptor
Encryptor
object responsable for encrypting the raw_hash with the secret. This object will recursively step through the raw_hash, looking for keys matching `encrypted_keys` and encrypt their values.
@since 3.0.0
Attributes
The decrypted hash to encrypt @since 3.0.0
The encrypted hash generated @since 3.0.0
The keys to encrypt @since 3.0.0
The metadata used to create the encrypted_hash
Public Class Methods
Initializer @param decrypted_hash
[Hash,String] the encrypted hash to encrypt @param secret [String] the secret to encrypt with @param metadata [Hash] optional metadata @since 3.0.0
# File lib/secure_data_bag/encryptor.rb, line 118 def initialize(decrypted_hash, secret, metadata = {}) @secret = secret @metadata = metadata @encrypted_hash = {} @encrypted_keys = case metadata[:encryption_format] when 'plain' then @encrypted_keys = [] else metadata[:encrypted_keys] || [] end @decrypted_hash = decrypted_hash end
Public Instance Methods
Method called to encrpt the data structure and return it. @return [Hash] the encrypted value @since 3.0.0
# File lib/secure_data_bag/encryptor.rb, line 139 def encrypt encrypt_data(@decrypted_hash) end
Method called to encrpt the data structure and return it. @return [Hash] the encrypted value @since 3.0.0
# File lib/secure_data_bag/encryptor.rb, line 132 def encrypt! @encrypted_hash = encrypt end
Method name preserved for compatibility with Chef::EncryptedDataBagItem::Encryptor. @since 3.0.0
Private Instance Methods
Recursively encrypt hash values where keys match encryptable_key? @param raw_hash [Hash] the hash to encrypt @return [Hash] the encrypted hash @since 3.0.0
# File lib/secure_data_bag/encryptor.rb, line 154 def encrypt_data(raw_hash) encrypted_hash = Mash.new raw_hash.each do |key, value| value = if encryptable_key?(key) encrypt_value(value) elsif value.is_a?(Hash) encrypt_data(value) else value end encrypted_hash[key] = value end encrypted_hash end
Encrypt a single value @return [Hash] the encrypted value @since 3.0.0
# File lib/secure_data_bag/encryptor.rb, line 180 def encrypt_value(value) Chef::EncryptedDataBagItem::Encryptor .new(value, @secret).for_encrypted_item end
Determine whether the hash key should be encrypted @return [Boolean] @since 3.0.0
# File lib/secure_data_bag/encryptor.rb, line 173 def encryptable_key?(key) @encrypted_keys.include?(key) end