From 017566a2d9b3297c34c78fc7d38697ade20e1e56 Mon Sep 17 00:00:00 2001
From: Abhijit Menon-Sen
Date: Tue, 25 Aug 2015 14:54:23 +0530
Subject: [PATCH] Use AES256 if the cipher is not write-whitelisted
---
 lib/ansible/parsing/vault/__init__.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/ansible/parsing/vault/__init__.py b/lib/ansible/parsing/vault/__init__.py
index 306454cb8de..b12e11816e2 100644
--- a/lib/ansible/parsing/vault/__init__.py
+++ b/lib/ansible/parsing/vault/__init__.py
@@ -132,11 +132,11 @@ class VaultLib:
 if self.is_encrypted(b_data):
 raise AnsibleError("data is already encrypted")
- if not self.cipher_name:
+ if not self.cipher_name or self.cipher_name not in CIPHER_WRITE_WHITELIST:
 self.cipher_name = u"AES256"
 cipher_class_name = u'Vault{0}'.format(self.cipher_name)
- if cipher_class_name in globals() and self.cipher_name in CIPHER_WHITELIST:
+ if cipher_class_name in globals():
 Cipher = globals()[cipher_class_name]
 this_cipher = Cipher()
 else:
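Review bot: The `globals()` lookup on the new side no longer has a whitelist test on its own line; it stays constrained only because the rewritten guard above resets `self.cipher_name` to `u"AES256"` whenever it is not in `CIPHER_WRITE_WHITELIST`. That dependency is invisible at the lookup, so a later edit to the first `if` could let any module-level `Vault*` name be resolved from `cipher_name`; a comment above the lookup such as `# cipher_name was forced into CIPHER_WRITE_WHITELIST (or AES256) above; keep that guard ahead of this lookup` would record it. The guard also replaces a caller-supplied cipher without any notice, so a caller that asked for a cipher that is not write-whitelisted gets AES256 output and a mutated `self.cipher_name`; a warning at that point would make the substitution visible. The method starts and ends outside the hunk, so how `this_cipher` is used and what the `else:` branch does cannot be checked from here.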