Class: Bolt::Secret::Base

Inherits:

Object

• Object
• Bolt::Secret::Base

Defined in:

lib/bolt/secret/base.rb

Direct Known Subclasses

Plugin::Pkcs7

Instance Method Summary

• #decode(code) ⇒ Object
• #encode(raw) ⇒ Object
• #hooks ⇒ Object
• #secret_decrypt(opts) ⇒ Object (also: #resolve_reference)
• #secret_encrypt(opts) ⇒ Object
• #validate_resolve_reference(opts) ⇒ Object

Instance Method Details

#decode(code) ⇒ Object

Raises:

• (Bolt::ValidationError)

# File 'lib/bolt/secret/base.rb', line 15

def decode(code)
  format = %r{\AENC\[(?<plugin>\w+),(?<encoded>[\w\s+-=/]+)\]\s*\z}
  match = format.match(code)

  raise Bolt::ValidationError, "Could not parse as an encrypted value: #{code}" unless match

  raw = Base64.decode64(match[:encoded])
  [raw, match[:plugin]]
end

#encode(raw) ⇒ Object

# File 'lib/bolt/secret/base.rb', line 10

def encode(raw)
  coded = Base64.encode64(raw).strip
  "ENC[#{name.upcase},#{coded}]"
end

#hooks ⇒ Object

# File 'lib/bolt/secret/base.rb', line 6

def hooks
  %i[resolve_reference secret_encrypt secret_decrypt secret_createkeys validate_resolve_reference]
end

#secret_decrypt(opts) ⇒ Object Also known as: resolve_reference

# File 'lib/bolt/secret/base.rb', line 30

def secret_decrypt(opts)
  raw, _plugin = decode(opts['encrypted_value'])
  decrypt_value(raw)
end

#secret_encrypt(opts) ⇒ Object

# File 'lib/bolt/secret/base.rb', line 25

def secret_encrypt(opts)
  encrypted = encrypt_value(opts['plaintext_value'])
  encode(encrypted)
end

#validate_resolve_reference(opts) ⇒ Object

# File 'lib/bolt/secret/base.rb', line 36

def validate_resolve_reference(opts)
  # TODO: Remove deprecation warning
  if opts.include?('encrypted-value')
    msg = "Parsing error: The 'encrypted-value' key is deprecated and can no longer be used. " \
          "In your Bolt config files, please use 'encrypted_value' instead."
    raise Bolt::ValidationError, msg
  end
  decode(opts['encrypted_value'])
end