search

commenthol / ansible-vault

An ansible vault compatible en- and decryption library for node
MIT License
18 stars 8 forks source link

Integrity Check Failed #6

Open alanbacon opened 1 year ago

alanbacon commented 1 year ago

The new release of this library is throwing the following error on my ansible vault files:

/home/app/node_modules/ansible-vault/src/index.js:165
    if (Buffer.compare(hmacComp, hmac) !== 0) throw new Error('Integrity check failed')
                                                    ^

Error: Integrity check failed
    at Vault._decypher (/home/app/node_modules/ansible-vault/src/index.js:165:53)
    at Vault.decryptSync (/home/app/node_modules/ansible-vault/src/index.js:239:17)
    at bootstrap (/home/app/workspaces/background-tasks/dist/tasks/diarize/diarize.main.js:27:23)
    at Object.<anonymous> (/home/app/workspaces/background-tasks/dist/tasks/diarize/diarize.main.js:39:23)
    at Module._compile (node:internal/modules/cjs/loader:1241:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1295:10)
    at Module.load (node:internal/modules/cjs/loader:1091:32)
    at Module._load (node:internal/modules/cjs/loader:938:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:83:12)
    at node:internal/main/run_main_module:23:47

Hmm not sure what else to say, rolling back to version 1.1.0 of this library resolved the issue.

The ansible vault files were created on OSX using the following version:

ansible-vault --version
ansible-vault [core 2.15.3]
  config file = None
  configured module search path = ['/Users/alanb/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.11/site-packages/ansible
  ansible collection location = /Users/alanb/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible-vault
  python version = 3.11.5 (main, Aug 24 2023, 15:18:16) [Clang 14.0.3 (clang-1403.0.22.14.1)] (/usr/local/opt/python@3.11/bin/python3.11)
  jinja version = 3.1.2
  libyaml = True
sharevb commented 8 months ago

Hi @alanbacon, probably needs to replace \r (Mac Convention) by \n (Unix convention) before decrypt ?

Kampfmoehre commented 8 months ago

Having the same problem but the vault was created on Fedora Linux with ansible-vault create. I read the file ocntents with NodeJS readFileSync before passing it to vault.decryptSync.

Edit: Nevermind, there was a misunderstanding in how to use this lib, works now for me

sharevb commented 8 months ago

@alanbacon, @Kampfmoehre Do you have shareable vault file sample ? I integrated this lib in https://github.com/CorentinTh/it-tools/pull/912, you can test here : https://it-tools-git-fork-sharevb-feat-8242ba-corentin-thomasset-s-team.vercel.app/