[chef] Re: Re: encrypted databag question


Chronological Thread 
  • From: Maven User < >
  • To:
  • Subject: [chef] Re: Re: encrypted databag question
  • Date: Fri, 21 Oct 2011 17:12:02 -0400

Ok, that's what I _thought_ and have the path to the secret file like this:

passwords = Chef::EncryptedDataBagItem.load("prod", "passwords", "C:/chef/secret")

And the "secret" file is right in that location as specified above.

But I keep getting the following -

DEBUG: OpenSSL::Cipher::CipherError: bad decrypt

Is there something wrong with the key or with chef being unable to find the key?

On Fri, Oct 21, 2011 at 5:00 PM, AJ Christensen < "> > wrote:
Yo,

You can put the secret anywhere.

The third argument is a string to the path of the file containing the key.

If you put your key in /etc/chef/encrypted_data_bag_secret, the
default value of Chef::Config[:encrypted_data_bag_secret], you can
omit the third argument.

Here are the codes for loading the secret:
https://github.com/opscode/chef/blob/master/chef/lib/chef/encrypted_data_bag_item.rb#L105-127

HTH

–AJ

On 22 October 2011 09:52, Maven User < "> > wrote:
> Hi all -
>
> In the example on the opscode wiki,
> http://wiki.opscode.com/display/chef/Encrypted+Data+Bags there's an example
> on how to point to a non-standard place for your secret file:
>
> mysql_creds = Chef::EncryptedDataBagItem.load("passwords", "mysql", secret)
>
>
> I'm struggling a bit with the "secret" in the above statement.  From what I
> can tell, that can be a path (string) to the place where the secret file
> is.  But for the life of me, I can't seem to get that to click.  I keep
> getting a "bad decrypt" stacktrace.
>
> Is that supposed to be a path or the contents of the file?
>
> Any suggestions?
>
>




Archive powered by MHonArc 2.6.16.

§