class Ansible::Vault::Decryptor
The class that handles decrypting an existing vault file
Public Instance Methods
hmac_matches?()
Indicates if the HMAC present in the file matches the calculated one
@return [Boolean]
    # File lib/ansible/vault/decryptor.rb, line 27
    def hmac_matches?
      OrokuSaki.secure_compare(calculated_hmac, file.hmac)
    end
plaintext()
Decrypts the ciphertext from the file and strips any padding found.
@return [String] The plaintext contents of the file. This is marked for zeroing before the GC reaps the object. Any data extracted/parsed from this string should be similarly wiped from memory when no longer used.
    # File lib/ansible/vault/decryptor.rb, line 13
    def plaintext
      return @plaintext if defined?(@plaintext)
      # Verify the HMAC before any decryption takes place
      unless hmac_matches?
        raise HMACMismatch, 'HMAC encoded in the file does not match calculated one!'
      end
      @plaintext = cipher(mode: :decrypt).update(file.ciphertext)
      # The last byte gives the padding length; strip that many trailing copies of it
      padding_length = @plaintext[-1].codepoints.first
      @plaintext.sub!(/#{padding_length.chr}{#{padding_length}}\z/, '')
      @plaintext.shred_later
    end
Private Instance Methods
salt()
    # File lib/ansible/vault/decryptor.rb, line 33
    def salt
      file.salt
    end
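The verify-then-decrypt order used by `plaintext` and `hmac_matches?`, as a stand-alone added example that is not the gem's own code. The helper names (`derive_keys`, `aes_ctr`, `demo_encrypt`, `demo_decrypt`), the Hash standing in for the file object, and the key-derivation parameters (taken from the Ansible vault 1.1 layout) are assumptions; the page does not list them.

```ruby
require 'openssl'

# Added example, not the gem's code. Parameters follow the Ansible vault 1.1
# layout (assumption): PBKDF2-HMAC-SHA256, 10_000 rounds, AES-256-CTR, HMAC-SHA256.
class HMACMismatch < StandardError; end

# Derive the cipher key, the HMAC key and the IV from password and salt.
def derive_keys(password, salt)
  material = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 10_000, 80, OpenSSL::Digest.new('SHA256'))
  [material[0, 32], material[32, 32], material[64, 16]]
end

# Constant-time comparison: run time does not depend on where the inputs differ.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def aes_ctr(mode, key, iv, data)
  cipher = OpenSSL::Cipher.new('aes-256-ctr')
  mode == :encrypt ? cipher.encrypt : cipher.decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.update(data) + cipher.final
end

# Pad to the 16-byte block size, encrypt, then MAC the ciphertext.
def demo_encrypt(password, salt, plaintext)
  key, hmac_key, iv = derive_keys(password, salt)
  pad = 16 - (plaintext.bytesize % 16)
  ciphertext = aes_ctr(:encrypt, key, iv, plaintext.b + (pad.chr * pad))
  { salt: salt, hmac: OpenSSL::HMAC.digest('SHA256', hmac_key, ciphertext), ciphertext: ciphertext }
end

# Check the MAC first; only an authenticated ciphertext is decrypted and unpadded.
def demo_decrypt(password, file)
  key, hmac_key, iv = derive_keys(password, file[:salt])
  calculated = OpenSSL::HMAC.digest('SHA256', hmac_key, file[:ciphertext])
  raise HMACMismatch, 'HMAC does not match' unless secure_compare(calculated, file[:hmac])

  padded = aes_ctr(:decrypt, key, iv, file[:ciphertext])
  pad = padded.getbyte(-1).to_i
  raise ArgumentError, 'invalid padding' unless pad.between?(1, 16) && padded.end_with?(pad.chr * pad)

  padded.byteslice(0, padded.bytesize - pad)
end
```

Because the HMAC key is derived from the password, a wrong password and a modified ciphertext both surface as `HMACMismatch` before any decryption runs.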