I'm pretty sure that the 3rd argument is actually the encryption secret itself (see slightly higher up in the same file) If you want to use a file location other than the default, I think you're supposed to say so in your chef config.
-Matt MorettiOn Fri, Oct 21, 2011 at 5:00 PM, AJ Christensen < " target="_blank"> > wrote:
Yo,
You can put the secret anywhere.
The third argument is a string to the path of the file containing the key.
If you put your key in /etc/chef/encrypted_data_bag_secret, the
default value of Chef::Config[:encrypted_data_bag_secret], you can
omit the third argument.
Here are the codes for loading the secret:
https://github.com/opscode/chef/blob/master/chef/lib/chef/encrypted_data_bag_item.rb#L105-127
HTH
–AJ
On 22 October 2011 09:52, Maven User < " target="_blank"> > wrote:
> Hi all -
>
> In the example on the opscode wiki,
> http://wiki.opscode.com/display/chef/Encrypted+Data+Bags there's an example
> on how to point to a non-standard place for your secret file:
>
> mysql_creds = Chef::EncryptedDataBagItem.load("passwords", "mysql", secret)
>
>
> I'm struggling a bit with the "secret" in the above statement. From what I
> can tell, that can be a path (string) to the place where the secret file
> is. But for the life of me, I can't seem to get that to click. I keep
> getting a "bad decrypt" stacktrace.
>
> Is that supposed to be a path or the contents of the file?
>
> Any suggestions?
>
>
Archive powered by MHonArc 2.6.16.