Class: SecureDataBag::NestedDecryptor

Inherits:

Object

• Object
• SecureDataBag::NestedDecryptor

Includes:

CheckEncrypted

Defined in:

lib/secure_data_bag/decryptor.rb

Overview

Decryptor object responsable for decrypting the encrypted_hash with the secret. This functions similarly, to how Chef::EncryptedDataBagItem::Decryptor does, with the caveat that this is meant to decrypt entire objects and not single values.

Since:

• 3.0.0

Instance Attribute Summary

• #decrypted_hash ⇒ Object readonly

  The decrypted hash.

• #decrypted_keys ⇒ Object readonly

  The keys found that had to be decrypted in the hash.

• #encrypted_hash ⇒ Object readonly

  The encrypted hash received.

• #format ⇒ Object readonly

  The format of this DataBagItem.

Instance Method Summary

• #decrypt ⇒ Mix

  Method called to decrypt the data structure and return it.

• #decrypt! ⇒ Mix (also: #for_decrypted_item)

  Method called to decrypt the data structure and return it.

• #initialize(encrypted_hash, secret, metadata = {}) ⇒ NestedDecryptor constructor

  Initializer.

Methods included from CheckEncrypted

#partially_encrypted?

Constructor Details

#initialize(encrypted_hash, secret, metadata = {}) ⇒ NestedDecryptor

Initializer

Parameters:

• encrypted_hash (Hash, String) —

  the encrypted hash to decrypt

• secret (String) —

  the secret to decrypt with

• metadata (Hash) (defaults to: {}) —

  the optional metdata to configure the decryptor

Since:

• 3.0.0

# File 'lib/secure_data_bag/decryptor.rb', line 58

def initialize(encrypted_hash, secret, metadata = {})
  @secret = secret

  @decrypted_keys = []
  @encrypted_hash = encrypted_hash
  @decrypted_hash = {}

  @format = metadata[:decryption_format] ||
    if @encrypted_hash.key?(SecureDataBag::METADATA_KEY)
      'nested'
    elsif encrypted?(@encrypted_hash)
      'encrypted'
    elsif partially_encrypted?(@encrypted_hash)
      'nested'
    else
      'plain'
    end
end

Instance Attribute Details

#decrypted_hash ⇒ Object (readonly)

The decrypted hash

Since:

• 3.0.0

# File 'lib/secure_data_bag/decryptor.rb', line 43

def decrypted_hash
  @decrypted_hash
end

#decrypted_keys ⇒ Object (readonly)

The keys found that had to be decrypted in the hash

Since:

• 3.0.0

# File 'lib/secure_data_bag/decryptor.rb', line 39

def decrypted_keys
  @decrypted_keys
end

#encrypted_hash ⇒ Object (readonly)

The encrypted hash received

Since:

• 3.0.0

# File 'lib/secure_data_bag/decryptor.rb', line 35

def encrypted_hash
  @encrypted_hash
end

#format ⇒ Object (readonly)

The format of this DataBagItem. May be one of:

• encrypted refers to an EncryptedDataBagItem

• nested refers to a SecureDataBagItem with nested values

• plain refers to a plain DataBagItem

Since:

• 3.0.0

# File 'lib/secure_data_bag/decryptor.rb', line 51

def format
  @format
end

Instance Method Details

#decrypt ⇒ Mix

Method called to decrypt the data structure and return it.

Returns:

• (Mix) —

  the unencrypted value

Since:

• 3.0.0

# File 'lib/secure_data_bag/decryptor.rb', line 87

def decrypt
  decrypt_data(@encrypted_hash)
end

#decrypt! ⇒ Mix Also known as: for_decrypted_item

Method called to decrypt the data structure and return it.

Returns:

• (Mix) —

  the unencrypted value

Since:

• 3.0.0

# File 'lib/secure_data_bag/decryptor.rb', line 80

def decrypt!
  @decrypted_hash = decrypt
end