Method: Chef::EncryptedDataBagItem.load_secret

Defined in:
lib/chef/encrypted_data_bag_item.rb

.load_secret(path = nil) ⇒ Object



# File 'lib/chef/encrypted_data_bag_item.rb', line 129

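# Loads the shared secret used for encrypted data bag items.
#
# The secret is taken from +path+, or from
# Chef::Config[:encrypted_data_bag_secret] when no path is given. A value that
# starts with a URL scheme ("scheme://") is fetched through open-uri; any
# other value is read as a local file. Surrounding whitespace is stripped.
#
# NOTE(security): the value returned here is key material. Fetching it from a
# non-TLS URL such as http:// sends it over the network unencrypted; an
# https:// URL or a local file with restricted permissions is preferable.
#
# @param path [String, nil] file path or URL of the secret
# @return [String] the secret with surrounding whitespace removed
# @raise [ArgumentError] if no path is given or configured, the remote key
#   cannot be fetched, or the secret is empty
# @raise [Errno::ENOENT] if the local file does not exist
def self.load_secret(path = nil)
  require "open-uri" unless defined?(OpenURI)
  path ||= Chef::Config[:encrypted_data_bag_secret]
  unless path
    raise ArgumentError, "No secret specified and no secret found at #{Chef::Config.platform_specific_path(ChefConfig::Config.etc_chef_dir) + "/encrypted_data_bag_secret"}"
  end

  secret = case path
           # \A anchors the scheme test to the start of the string. With ^ a
           # multi-line value could match on a later line and reach the remote
           # branch even though it does not begin with a scheme.
           when %r{\A\w+://}
             # We have a remote key
             begin
               # URI.open is the open-uri entry point; Kernel#open no longer
               # handles URLs on Ruby 3.0+. The block form closes the handle.
               URI.open(path, &:read).strip
             rescue Errno::ECONNREFUSED
               raise ArgumentError, "Remote key not available from '#{path}'"
             rescue OpenURI::HTTPError
               raise ArgumentError, "Remote key not found at '#{path}'"
             end
           else
             unless File.exist?(path)
               raise Errno::ENOENT, "file not found '#{path}'"
             end

             # File.read only ever opens a file; IO.read also interprets a
             # leading "|" as a command on older Rubies.
             File.read(path).strip
           end
  if secret.empty?
    raise ArgumentError, "invalid zero length secret in '#{path}'"
  end

  secret
end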