class Ansible::Vault::Encryptor

The class that handles encrypting data to be written to a file.

Public Instance Methods

encrypt(plaintext) click to toggle source

Encrypt supplied plaintext, calculate HMAC, and pass to supplied {FileWriter}

@param [String] plaintext The source data to be encrypted

# File lib/ansible/vault/encryptor.rb, line 12
def encrypt(plaintext)
  padding_length = BLOCK_SIZE - plaintext.bytesize % BLOCK_SIZE
  padded_plaintext = (plaintext + (padding_length.chr * padding_length)).shred_later
  file.ciphertext = cipher(mode: :encrypt).update(padded_plaintext) + cipher.final
  file.salt = salt
  file.hmac = calculated_hmac
end

Private Instance Methods

salt() click to toggle source
# File lib/ansible/vault/encryptor.rb, line 22
def salt
  @salt ||= SecureRandom.random_bytes(KEY_LENGTH)
end