summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Steen <dsteen@millennialmedia.com>2015-04-02 04:46:25 -0400
committerDaniel Steen <dsteen@millennialmedia.com>2015-04-02 04:46:25 -0400
commit3c6bc501334880f01ff41dc3cc8d32122adcaeba (patch)
treecdbb8aa3967be70d45dad3aa6f0fc6e5384dc30e
parent6813675a20f232afbe440800a56d4385be55e9fe (diff)
downloadchef-3c6bc501334880f01ff41dc3cc8d32122adcaeba.tar.gz
fix for https://github.com/chef/chef/issues/2113
-rw-r--r--lib/chef/encrypted_data_bag_item/decryptor.rb6
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/chef/encrypted_data_bag_item/decryptor.rb b/lib/chef/encrypted_data_bag_item/decryptor.rb
index 86b99cc284..425218e271 100644
--- a/lib/chef/encrypted_data_bag_item/decryptor.rb
+++ b/lib/chef/encrypted_data_bag_item/decryptor.rb
@@ -92,7 +92,8 @@ class Chef::EncryptedDataBagItem
plaintext = openssl_decryptor.update(encrypted_bytes)
plaintext << openssl_decryptor.final
rescue OpenSSL::Cipher::CipherError => e
- raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect"
+ # if the key length is less than 150 characters, and it contains slashes, we think it may be a path.
+ raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect. #{ @key.length < 255 and @key.include?('/') ? 'Did you perhapse intend to use --secret-file rather than --secret?' : '' }"
end
end
@@ -142,7 +143,8 @@ class Chef::EncryptedDataBagItem
plaintext = openssl_decryptor.update(encrypted_bytes)
plaintext << openssl_decryptor.final
rescue OpenSSL::Cipher::CipherError => e
- raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect"
+ # if the key length is less than 150 characters, and it contains slashes, we think it may be a path.
+ raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect. #{ @key.length < 255 and @key.include?('/') ? 'Did you perhapse intend to use --secret-file rather than --secret?' : '' }"
end
end