chef - [chef] Re: Re: Re: Re: encrypted databag question

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: Re: Re: Re: encrypted databag question

From: Maven User < >
To:
Subject: [chef] Re: Re: Re: Re: encrypted databag question
Date: Fri, 21 Oct 2011 17:18:57 -0400

[Fri, 21 Oct 2011 17:16:56 -0400] DEBUG: OpenSSL::Cipher::CipherError: bad decrypt
C:/buildtools/Ruby187/lib/ruby/gems/1.8/gems/chef-0.10.4/bin/../lib/chef/encrypted_data_bag_item.rb:136:in `final'
C:/buildtools/Ruby187/lib/ruby/gems/1.8/gems/chef-0.10.4/bin/../lib/chef/encrypted_data_bag_item.rb:136:in `cipher'
C:/buildtools/Ruby187/lib/ruby/gems/1.8/gems/chef-0.10.4/bin/../lib/chef/encrypted_data_bag_item.rb:102:in `decrypt_value'
C:/buildtools/Ruby187/lib/ruby/gems/1.8/gems/chef-0.10.4/bin/../lib/chef/encrypted_data_bag_item.rb:63:in `[]'
c:/chef/cache/cookbooks/edb_demo/recipes/default.rb:13:in `from_file'
C:/buildtools/Ruby187/lib/ruby/gems/1.8/gems/chef-0.10.4/bin/../lib/chef/cookbook_version.rb:578:in `load_recipe'
C:/buildtools/Ruby187/lib/ruby/gems/1.8/gems/chef-0.10.4/bin/../lib/chef/mixin/language_include_recipe.rb:40:in `include_recipe'
C:/buildtools/Ruby187/lib/ruby/gems/1.8/gems/chef-0.10.4/bin/../lib/chef/mixin/language_include_recipe.rb:27:in `each'
C:/buildtools/Ruby187/lib/ruby/gems/1.8/gems/chef-0.10.4/bin/../lib/chef/mixin/language_include_recipe.rb:27:in `include_recipe'
C:/buildtools/Ruby187/lib/ruby/gems/1.8/gems/chef-0.10.4/bin/../lib/chef/run_context.rb:72:in `load'
C:/buildtools/Ruby187/lib/ruby/gems/1.8/gems/chef-0.10.4/bin/../lib/chef/run_context.rb:69:in `each'
C:/buildtools/Ruby187/lib/ruby/gems/1.8/gems/chef-0.10.4/bin/../lib/chef/run_context.rb:69:in `load'
C:/buildtools/Ruby187/lib/ruby/gems/1.8/gems/chef-0.10.4/bin/../lib/chef/client.rb:195:in `setup_run_context'
C:/buildtools/Ruby187/lib/ruby/gems/1.8/gems/chef-0.10.4/bin/../lib/chef/client.rb:159:in `run'
C:/buildtools/Ruby187/lib/ruby/gems/1.8/gems/chef-0.10.4/bin/../lib/chef/application/client.rb:239:in `run_application'
C:/buildtools/Ruby187/lib/ruby/gems/1.8/gems/chef-0.10.4/bin/../lib/chef/application/client.rb:229:in `loop'
C:/buildtools/Ruby187/lib/ruby/gems/1.8/gems/chef-0.10.4/bin/../lib/chef/application/client.rb:229:in `run_application'
C:/buildtools/Ruby187/lib/ruby/gems/1.8/gems/chef-0.10.4/bin/../lib/chef/application.rb:67:in `run'
C:/buildtools/Ruby187/lib/ruby/gems/1.8/gems/chef-0.10.4/bin/chef-client:26
C:/buildtools/Ruby187/bin/chef-client:19:in `load'
C:/buildtools/Ruby187/bin/chef-client:19
[Fri, 21 Oct 2011 17:16:56 -0400] FATAL: OpenSSL::Cipher::CipherError: bad decrypt

On Fri, Oct 21, 2011 at 5:15 PM, AJ Christensen < "> > wrote:

Can you show me the stack trace?

–AJ

On 22 October 2011 10:13, Maven User < "> > wrote:
> Even in debug mode - it doesn't say much more if I change the path to
> "C:/asdfasdfasdf" or some other value that doesn't exist.
>
> On Fri, Oct 21, 2011 at 5:12 PM, Maven User < "> > wrote:
>>
>> Ok, that's what I _thought_ and have the path to the secret file like
>> this:
>>
>> passwords = Chef::EncryptedDataBagItem.load("prod", "passwords",
>> "C:/chef/secret")
>>
>> And the "secret" file is right in that location as specified above.
>>
>> But I keep getting the following -
>>
>> DEBUG: OpenSSL::Cipher::CipherError: bad decrypt
>>
>> Is there something wrong with the key or with chef being unable to find
>> the key?
>>
>> On Fri, Oct 21, 2011 at 5:00 PM, AJ Christensen < "> >
>> wrote:
>>>
>>> Yo,
>>>
>>> You can put the secret anywhere.
>>>
>>> The third argument is a string to the path of the file containing the
>>> key.
>>>
>>> If you put your key in /etc/chef/encrypted_data_bag_secret, the
>>> default value of Chef::Config[:encrypted_data_bag_secret], you can
>>> omit the third argument.
>>>
>>> Here are the codes for loading the secret:
>>>
>>> https://github.com/opscode/chef/blob/master/chef/lib/chef/encrypted_data_bag_item.rb#L105-127
>>>
>>> HTH
>>>
>>> –AJ
>>>
>>> On 22 October 2011 09:52, Maven User < "> > wrote:
>>> > Hi all -
>>> >
>>> > In the example on the opscode wiki,
>>> > http://wiki.opscode.com/display/chef/Encrypted+Data+Bags there's an
>>> > example
>>> > on how to point to a non-standard place for your secret file:
>>> >
>>> > mysql_creds = Chef::EncryptedDataBagItem.load("passwords", "mysql",
>>> > secret)
>>> >
>>> >
>>> > I'm struggling a bit with the "secret" in the above statement. From
>>> > what I
>>> > can tell, that can be a path (string) to the place where the secret
>>> > file
>>> > is. But for the life of me, I can't seem to get that to click. I keep
>>> > getting a "bad decrypt" stacktrace.
>>> >
>>> > Is that supposed to be a path or the contents of the file?
>>> >
>>> > Any suggestions?
>>> >
>>> >
>>
>
>

[chef] encrypted databag question, Maven User, 10/21/2011
- [chef] Re: encrypted databag question, AJ Christensen, 10/21/2011
  - [chef] Re: Re: encrypted databag question, Maven User, 10/21/2011
    - [chef] Re: Re: encrypted databag question, Maven User, 10/21/2011
      - [chef] Re: Re: Re: encrypted databag question, AJ Christensen, 10/21/2011
        
        [chef] Re: Re: Re: Re: encrypted databag question, Maven User, 10/21/2011
        
        [chef] Re: Re: Re: Re: Re: encrypted databag question, AJ Christensen, 10/21/2011
  - [chef] Re: Re: encrypted databag question, Matthew Moretti, 10/21/2011
    - [chef] Re: Re: Re: encrypted databag question, Maven User, 10/21/2011
      - [chef] Re: Re: Re: Re: encrypted databag question, Matthew Moretti, 10/21/2011
        
        [chef] Re: Re: Re: Re: Re: encrypted databag question, Maven User, 10/21/2011
        
        [chef] Re: Re: Re: Re: Re: encrypted databag question, Maven User, 10/21/2011
        
        [chef] Re: Re: Re: Re: Re: Re: encrypted databag question, Seth Falcon, 10/23/2011
        [chef] Re: Re: Re: Re: Re: Re: Re: encrypted databag question, Maven User, 10/24/2011