fix for https://github.com/chef/chef/issues/2113

1 files changed, 4 insertions, 2 deletions

diff --git a/lib/chef/encrypted_data_bag_item/decryptor.rb b/lib/chef/encrypted_data_bag_item/decryptor.rb
index 86b99cc284..425218e271 100644
--- a/lib/chef/encrypted_data_bag_item/decryptor.rb
+++ b/lib/chef/encrypted_data_bag_item/decryptor.rb
@@ -92,7 +92,8 @@ class Chef::EncryptedDataBagItem
           plaintext = openssl_decryptor.update(encrypted_bytes)
           plaintext << openssl_decryptor.final
         rescue OpenSSL::Cipher::CipherError => e
-          raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect"
+          # if the key length is less than 150 characters, and it contains slashes, we think it may be a path.
+          raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect. #{ @key.length < 255 and @key.include?('/') ? 'Did you perhapse intend to use --secret-file rather than --secret?' : '' }"
         end
       end
 
@@ -142,7 +143,8 @@ class Chef::EncryptedDataBagItem
           plaintext = openssl_decryptor.update(encrypted_bytes)
           plaintext << openssl_decryptor.final
         rescue OpenSSL::Cipher::CipherError => e
-          raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect"
+          # if the key length is less than 150 characters, and it contains slashes, we think it may be a path.
+          raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect. #{ @key.length < 255 and @key.include?('/') ? 'Did you perhapse intend to use --secret-file rather than --secret?' : '' }"
         end
       end