lib/puppet/parser/functions/encrypt.rb
require 'puppet-decrypt'
module Puppet::Parser::Functions
newfunction(:encrypt, :type => :rvalue, :doc => <<-'DOC' ) do |args|
Encrypt data, using Decryptor.
This function expects four arguments:
- Data to encrypt.
- Secret key file path,
Puppet::Decrypt::Decryptor::DEFAULT_KEY by default.
Can be specified as basename in Puppet::Decrypt::Decryptor::KEY_DIR.
- Salt (optional), randomly generated by default.
- Initialization vector (optional), randomly generated by default,
mainly useful for tests.
DOC
encrypt_args = {}
if args.first.is_a? String
encrypt_args['value'], encrypt_args['secret_key'], encrypt_args['salt'],
encrypt_args['iv'] = args
elsif args.first.is_a? Hash
encrypt_args = args.first
else
raise TypeError, "Expected String or Hash, given #{args.first.class}"
end
Puppet::Decrypt::Decryptor.new.encrypt_hash(encrypt_args)
end
end