[chef-dev] Re: Can encrypted data bag json file be decrypted?

Chronological Thread 
  • From: Tahir Raza < >
  • To: Brad Knowles < >
  • Cc:
  • Subject: [chef-dev] Re: Can encrypted data bag json file be decrypted?
  • Date: Fri, 27 Apr 2012 13:29:41 -0500

Thanks Brad!
I figured that I made a mistake while saving the encrypted json. Yes, I can SVN the encrypted data-bag and decrypt it again.

On Fri, Apr 27, 2012 at 11:57 AM, Brad Knowles < " target="_blank"> > wrote:
On Apr 27, 2012, at 10:59 AM, Tahir Raza wrote:

> I have an encrypted data bag json file that I'd like to check-in into GIT/SVN. Can I do "knife data bag from file BAG ALREADY-ENCRYPTED-FILE".

Good question.  I'd expect that to work, so long as you have the exact same /etc/chef/encrypted_data_bag_secret on both the old and new machines.

> The intention is to avoid doing the manual process of encrypting the data-bag everytime chef-server is re-created but rather be able to use previously encrypted data-bags and just do "knife data bag from file ..." on all my data bags.
> So far I havent found anything fruitful on the web. I have tried "knife data bag show passwords mysql -Fj >data_bags/passwords.json" from jtimberman's code blog but that hasn't worked.
> Any recommendations would be appreciated.
> I am using chef 10.2.

10.2?  Do you mean 0.10.2?  If so, that's pretty old -- 0.10.10 is in late beta (iirc), and 0.10.8 has been out for a while.

Brad Knowles < "> >
SAGE Level IV, Chef Level 0.0.1


Tahir Raza

Archive powered by MHonArc 2.6.16.