class SecureDataBag::NestedEncryptor

Encryptor object responsable for encrypting the raw_hash with the secret. This object will recursively step through the raw_hash, looking for keys matching `encrypted_keys` and encrypt their values.

@since 3.0.0

Attributes

decrypted_hash[R]

The decrypted hash to encrypt @since 3.0.0

encrypted_hash[R]

The encrypted hash generated @since 3.0.0

encrypted_keys[R]

The keys to encrypt @since 3.0.0

metadata[R]

The metadata used to create the encrypted_hash

Public Class Methods

new(decrypted_hash, secret, metadata = {}) click to toggle source

Initializer @param decrypted_hash [Hash,String] the encrypted hash to encrypt @param secret [String] the secret to encrypt with @param metadata [Hash] optional metadata @since 3.0.0

# File lib/secure_data_bag/encryptor.rb, line 118
def initialize(decrypted_hash, secret, metadata = {})
  @secret = secret
  @metadata = metadata
  @encrypted_hash = {}
  @encrypted_keys = case metadata[:encryption_format]
                    when 'plain' then @encrypted_keys = []
                    else metadata[:encrypted_keys] || []
                    end
  @decrypted_hash = decrypted_hash
end

Public Instance Methods

encrypt() click to toggle source

Method called to encrpt the data structure and return it. @return [Hash] the encrypted value @since 3.0.0

# File lib/secure_data_bag/encryptor.rb, line 139
def encrypt
  encrypt_data(@decrypted_hash)
end
encrypt!() click to toggle source

Method called to encrpt the data structure and return it. @return [Hash] the encrypted value @since 3.0.0

# File lib/secure_data_bag/encryptor.rb, line 132
def encrypt!
  @encrypted_hash = encrypt
end
Also aliased as: for_encrypted_item
for_encrypted_item()

Method name preserved for compatibility with Chef::EncryptedDataBagItem::Encryptor. @since 3.0.0

Alias for: encrypt!

Private Instance Methods

encrypt_data(raw_hash) click to toggle source

Recursively encrypt hash values where keys match encryptable_key? @param raw_hash [Hash] the hash to encrypt @return [Hash] the encrypted hash @since 3.0.0

# File lib/secure_data_bag/encryptor.rb, line 154
def encrypt_data(raw_hash)
  encrypted_hash = Mash.new

  raw_hash.each do |key, value|
    value = if encryptable_key?(key)
              encrypt_value(value)
            elsif value.is_a?(Hash)
              encrypt_data(value)
            else value
            end
    encrypted_hash[key] = value
  end

  encrypted_hash
end
encrypt_value(value) click to toggle source

Encrypt a single value @return [Hash] the encrypted value @since 3.0.0

# File lib/secure_data_bag/encryptor.rb, line 180
def encrypt_value(value)
  Chef::EncryptedDataBagItem::Encryptor
    .new(value, @secret).for_encrypted_item
end
encryptable_key?(key) click to toggle source

Determine whether the hash key should be encrypted @return [Boolean] @since 3.0.0

# File lib/secure_data_bag/encryptor.rb, line 173
def encryptable_key?(key)
  @encrypted_keys.include?(key)
end