Class: Hiera::Backend::Eyaml::Encryptors::Age

Inherits:
Encryptor
  • Object
Defined in:
lib/hiera/backend/eyaml/encryptors/age.rb

Constant Summary

VERSION =
Hiera::Backend::Eyaml::Encryptors::AgeVersion::VERSION

Class Method Summary

Class Method Details

.create_keys ⇒ Object



# File 'lib/hiera/backend/eyaml/encryptors/age.rb', line 94

# Key generation is not implemented by this encryptor. The method only emits
# a warning that points the operator at the age command line tools; it does
# not create, read or write any key material.
#
# @return [Object] whatever `warn` returns
def self.create_keys
  notice = "The age encryptor does not support creation of keys, use the age command line tools instead"
  warn notice
end

.decrypt(ciphertext) ⇒ Object



# File 'lib/hiera/backend/eyaml/encryptors/age.rb', line 62

# Decrypts +ciphertext+ by running the configured age binary with the
# configured identity file.
#
# Security-relevant points:
# * The command goes to Open3.capture3 as separate arguments, so the identity
#   path reaches age as one argv entry and no shell command line is built.
# * The ciphertext is fed on stdin and never appears in the argument list.
# * Only the identity file *path* is written to the debug log.
# * On failure the raised message embeds age's stderr, so that text ends up
#   wherever the caller logs the exception.
# * The return value is the decrypted secret; callers should keep it out of
#   logs.
#
# @param ciphertext [String] age-encrypted payload, written to age's stdin
# @return [String] stdout of the age process (binmode)
# @raise [ArgumentError] if no identity file is configured or it does not exist
# @raise [StandardError] if age exits unsuccessfully
def self.decrypt(ciphertext)
  identity_path = option(:identity_file)
  debug("age identity file is #{identity_path}")

  # Fail early with a configuration hint instead of a generic age error.
  if identity_path.nil? || identity_path.empty?
    raise ArgumentError,
          "No age identity file configured, check age_identity_file configuration value is correct"
  end
  unless File.exist?(identity_path)
    raise ArgumentError,
          "Configured age identity file #{identity_path} doesn't exist, check age_identity_file configuration value is correct"
  end

  age_command = [option(:age_binary_path), "--decrypt", "--identity", identity_path]
  decrypted, age_stderr, exit_status =
    Open3.capture3(*age_command, stdin_data: ciphertext, binmode: true)

  return decrypted if exit_status.success?

  warn(
    "Fatal: Failed to decrypt ciphertext (check settings and that you are a recipient)"
  )
  raise StandardError, "age decrypt failed: #{age_stderr.strip}"
end

.encrypt(plaintext) ⇒ Object



# File 'lib/hiera/backend/eyaml/encryptors/age.rb', line 35

# Encrypts +plaintext+ to every recipient returned by +determine_recipients+
# by running the configured age binary.
#
# Security-relevant points:
# * The plaintext is fed on stdin, so the secret never appears in the
#   process argument list.
# * Each recipient is passed as its own argv entry after "-r"; the command
#   goes to Open3.capture3 as separate arguments and no shell command line
#   is built.
# * Encryption is refused when the recipient list is empty.
# * The recipient list is written to the debug log.
#
# @param plaintext [String] secret value, written to age's stdin
# @return [String] stdout of the age process (binmode)
# @raise [RecoverableError] if there are no recipients or age exits
#   unsuccessfully (the message then embeds age's stderr)
def self.encrypt(plaintext)
  recipients = determine_recipients
  debug("Recipients are #{recipients}")

  raise RecoverableError, "No recipients provided, don't know who to encrypt to" if recipients.empty?

  # Build "-r <recipient>" pairs, one pair per recipient.
  recipient_flags = recipients.each_with_object([]) do |recipient, argv|
    argv.push("-r", recipient)
  end

  age_command = [option(:age_binary_path), "--encrypt", *recipient_flags]
  encrypted, age_stderr, exit_status =
    Open3.capture3(*age_command, stdin_data: plaintext, binmode: true)

  raise RecoverableError, "age encrypt failed: #{age_stderr.strip}" unless exit_status.success?

  encrypted
end