From 017566a2d9b3297c34c78fc7d38697ade20e1e56 Mon Sep 17 00:00:00 2001
From: Abhijit Menon-Sen <ams@2ndQuadrant.com>
Date: Tue, 25 Aug 2015 14:54:23 +0530
Subject: [PATCH] Use AES256 if the cipher is not write-whitelisted

---
 lib/ansible/parsing/vault/__init__.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/ansible/parsing/vault/__init__.py b/lib/ansible/parsing/vault/__init__.py
index 306454cb8de..b12e11816e2 100644
--- a/lib/ansible/parsing/vault/__init__.py
+++ b/lib/ansible/parsing/vault/__init__.py
@@ -132,11 +132,11 @@ class VaultLib:
         if self.is_encrypted(b_data):
             raise AnsibleError("data is already encrypted")
 
-        if not self.cipher_name:
+        if not self.cipher_name or self.cipher_name not in CIPHER_WRITE_WHITELIST:
             self.cipher_name = u"AES256"
 
         cipher_class_name = u'Vault{0}'.format(self.cipher_name)
-        if cipher_class_name in globals() and self.cipher_name in CIPHER_WHITELIST:
+        if cipher_class_name in globals():
             Cipher = globals()[cipher_class_name]
             this_cipher = Cipher()
         else: