diff options
author | Daniel Steen <dsteen@millennialmedia.com> | 2015-04-02 04:46:25 -0400 |
---|---|---|
committer | Daniel Steen <dsteen@millennialmedia.com> | 2015-04-02 04:46:25 -0400 |
commit | 3c6bc501334880f01ff41dc3cc8d32122adcaeba (patch) | |
tree | cdbb8aa3967be70d45dad3aa6f0fc6e5384dc30e | |
parent | 6813675a20f232afbe440800a56d4385be55e9fe (diff) | |
download | chef-3c6bc501334880f01ff41dc3cc8d32122adcaeba.tar.gz |
fix for https://github.com/chef/chef/issues/2113
-rw-r--r-- | lib/chef/encrypted_data_bag_item/decryptor.rb | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/chef/encrypted_data_bag_item/decryptor.rb b/lib/chef/encrypted_data_bag_item/decryptor.rb index 86b99cc284..425218e271 100644 --- a/lib/chef/encrypted_data_bag_item/decryptor.rb +++ b/lib/chef/encrypted_data_bag_item/decryptor.rb @@ -92,7 +92,8 @@ class Chef::EncryptedDataBagItem plaintext = openssl_decryptor.update(encrypted_bytes) plaintext << openssl_decryptor.final rescue OpenSSL::Cipher::CipherError => e - raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect" + # if the key length is less than 150 characters, and it contains slashes, we think it may be a path. + raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect. #{ @key.length < 255 and @key.include?('/') ? 'Did you perhapse intend to use --secret-file rather than --secret?' : '' }" end end @@ -142,7 +143,8 @@ class Chef::EncryptedDataBagItem plaintext = openssl_decryptor.update(encrypted_bytes) plaintext << openssl_decryptor.final rescue OpenSSL::Cipher::CipherError => e - raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect" + # if the key length is less than 150 characters, and it contains slashes, we think it may be a path. + raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect. #{ @key.length < 255 and @key.include?('/') ? 'Did you perhapse intend to use --secret-file rather than --secret?' : '' }" end end |