Well, that worked, but I'm not sure I'm really jazzed by that solution.
I was able to update my client.rb file to point to the exact file the secret was in and it worked.
But, what if different cookbooks have different secret files?
Either way, the secret file isn't bad/borked...
So is there a way to set the default in the recipe or is it too late by then?On Fri, Oct 21, 2011 at 5:25 PM, Matthew Moretti < " target="_blank"> > wrote:
I'm pretty sure that the 3rd argument is actually the encryption secret itself (see slightly higher up in the same file) If you want to use a file location other than the default, I think you're supposed to say so in your chef config.
-Matt MorettiOn Fri, Oct 21, 2011 at 5:00 PM, AJ Christensen < " target="_blank"> > wrote:
Yo,
You can put the secret anywhere.
The third argument is a string to the path of the file containing the key.
If you put your key in /etc/chef/encrypted_data_bag_secret, the
default value of Chef::Config[:encrypted_data_bag_secret], you can
omit the third argument.
Here are the codes for loading the secret:
https://github.com/opscode/chef/blob/master/chef/lib/chef/encrypted_data_bag_item.rb#L105-127
HTH
–AJ
On 22 October 2011 09:52, Maven User < " target="_blank"> > wrote:
> Hi all -
>
> In the example on the opscode wiki,
> http://wiki.opscode.com/display/chef/Encrypted+Data+Bags there's an example
> on how to point to a non-standard place for your secret file:
>
> mysql_creds = Chef::EncryptedDataBagItem.load("passwords", "mysql", secret)
>
>
> I'm struggling a bit with the "secret" in the above statement. From what I
> can tell, that can be a path (string) to the place where the secret file
> is. But for the life of me, I can't seem to get that to click. I keep
> getting a "bad decrypt" stacktrace.
>
> Is that supposed to be a path or the contents of the file?
>
> Any suggestions?
>
>
Archive powered by MHonArc 2.6.16.