chef - [chef] Re: Re: Re: encrypted databag question

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: Re: Re: encrypted databag question

From: AJ Christensen < >
To:
Subject: [chef] Re: Re: Re: encrypted databag question
Date: Sat, 22 Oct 2011 10:15:07 +1300

Can you show me the stack trace?

–AJ

On 22 October 2011 10:13, Maven User
< >
wrote:
> Even in debug mode - it doesn't say much more if I change the path to
> "C:/asdfasdfasdf" or some other value that doesn't exist.
>
> On Fri, Oct 21, 2011 at 5:12 PM, Maven User
> < >
>  wrote:
>>
>> Ok, that's what I _thought_ and have the path to the secret file like
>> this:
>>
>> passwords = Chef::EncryptedDataBagItem.load("prod", "passwords",
>> "C:/chef/secret")
>>
>> And the "secret" file is right in that location as specified above.
>>
>> But I keep getting the following -
>>
>> DEBUG: OpenSSL::Cipher::CipherError: bad decrypt
>>
>> Is there something wrong with the key or with chef being unable to find
>> the key?
>>
>> On Fri, Oct 21, 2011 at 5:00 PM, AJ Christensen
>> < >
>> wrote:
>>>
>>> Yo,
>>>
>>> You can put the secret anywhere.
>>>
>>> The third argument is a string to the path of the file containing the
>>> key.
>>>
>>> If you put your key in /etc/chef/encrypted_data_bag_secret, the
>>> default value of Chef::Config[:encrypted_data_bag_secret], you can
>>> omit the third argument.
>>>
>>> Here are the codes for loading the secret:
>>>
>>> https://github.com/opscode/chef/blob/master/chef/lib/chef/encrypted_data_bag_item.rb#L105-127
>>>
>>> HTH
>>>
>>> –AJ
>>>
>>> On 22 October 2011 09:52, Maven User
>>> < >
>>>  wrote:
>>> > Hi all -
>>> >
>>> > In the example on the opscode wiki,
>>> > http://wiki.opscode.com/display/chef/Encrypted+Data+Bags there's an
>>> > example
>>> > on how to point to a non-standard place for your secret file:
>>> >
>>> > mysql_creds = Chef::EncryptedDataBagItem.load("passwords", "mysql",
>>> > secret)
>>> >
>>> >
>>> > I'm struggling a bit with the "secret" in the above statement.  From
>>> > what I
>>> > can tell, that can be a path (string) to the place where the secret
>>> > file
>>> > is.  But for the life of me, I can't seem to get that to click.  I keep
>>> > getting a "bad decrypt" stacktrace.
>>> >
>>> > Is that supposed to be a path or the contents of the file?
>>> >
>>> > Any suggestions?
>>> >
>>> >
>>
>
>

[chef] encrypted databag question, Maven User, 10/21/2011
- [chef] Re: encrypted databag question, AJ Christensen, 10/21/2011
  - [chef] Re: Re: encrypted databag question, Maven User, 10/21/2011
    - [chef] Re: Re: encrypted databag question, Maven User, 10/21/2011
      - [chef] Re: Re: Re: encrypted databag question, AJ Christensen, 10/21/2011
        
        [chef] Re: Re: Re: Re: encrypted databag question, Maven User, 10/21/2011
        
        [chef] Re: Re: Re: Re: Re: encrypted databag question, AJ Christensen, 10/21/2011
  - [chef] Re: Re: encrypted databag question, Matthew Moretti, 10/21/2011
    - [chef] Re: Re: Re: encrypted databag question, Maven User, 10/21/2011
      - [chef] Re: Re: Re: Re: encrypted databag question, Matthew Moretti, 10/21/2011
        
        [chef] Re: Re: Re: Re: Re: encrypted databag question, Maven User, 10/21/2011
        
        [chef] Re: Re: Re: Re: Re: encrypted databag question, Maven User, 10/21/2011
        
        [chef] Re: Re: Re: Re: Re: Re: encrypted databag question, Seth Falcon, 10/23/2011
        [chef] Re: Re: Re: Re: Re: Re: Re: encrypted databag question, Maven User, 10/24/2011