module Chef::EncryptedDataBagItem::Decryptor
Decryptor
¶ ↑
For backwards compatibility, Chef implements decryption/deserialization for older encrypted data bag item formats in addition to the current version. Each decryption/deserialization strategy is implemented as a class in this namespace. For convenience the factory method +Decryptor.for()+ can be used to create an instance of the appropriate strategy for the given encrypted data bag value.
Public Class Methods
Source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 44 def self.for(encrypted_value, key) format_version = format_version_of(encrypted_value) assert_format_version_acceptable!(format_version) case format_version when 3 Version3Decryptor.new(encrypted_value, key) when 2 Version2Decryptor.new(encrypted_value, key) when 1 Version1Decryptor.new(encrypted_value, key) when 0 Version0Decryptor.new(encrypted_value, key) else raise UnsupportedEncryptedDataBagItemFormat, "This version of chef does not support encrypted data bag item format version '#{format_version}'" end end
Detects the encrypted data bag item format version and instantiates a decryptor object for that version. Call for_decrypted_item on the resulting object to decrypt and deserialize it.
Source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 62 def self.format_version_of(encrypted_value) if encrypted_value.respond_to?(:key?) encrypted_value["version"] else 0 end end