Use AES256 if the cipher is not write-whitelisted

017566a2 · Abhijit Menon-Sen · 47bcdf59 · 017566a2
Commit 017566a2 authored Aug 25, 2015 by Abhijit Menon-Sen
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

lib/ansible/parsing/vault/__init__.py
+2 -2

No files found.
--- a/lib/ansible/parsing/vault/__init__.py
+++ b/lib/ansible/parsing/vault/__init__.py
@@ -132,11 +132,11 @@ class VaultLib:
        if self.is_encrypted(b_data):
            raise AnsibleError("data is already encrypted")
-        if not self.cipher_name:
+        if not self.cipher_name or self.cipher_name not in CIPHER_WRITE_WHITELIST:
            self.cipher_name = u"AES256"
        cipher_class_name = u'Vault{0}'.format(self.cipher_name)
-        if cipher_class_name in globals() and self.cipher_name in CIPHER_WHITELIST:
+        if cipher_class_name in globals():
            Cipher = globals()[cipher_class_name]
            this_cipher = Cipher()
        else: