[chef] Re: Re: Re: distribute ssl certs using encrypted data bags

[Brad Knowles < >]

On Jan 6, 2012, at 6:19 PM, 

 
 wrote:

> question 1 --
> 
> when i cut n pasted the ASCII version of the cert into my json file,
> then "data bag from file'd" it, chef did not do any conversion on
> those newlines... if i understood you correctly. to illustrate:

The instructions from jtimberman that I followed do not involve creating a 
file from which you can do a "knife data bag from file".  You do a "knife 
data bag create" instead, and there is no permanent file created that has the 
data stored in unencrypted plaintext format.  His instructions are at 
<http://jtimberman.posterous.com/64227128>.

> then json was happy. i wonder if i misunderstood what you meant by
> copy-pasting and chef doing some internal conversion. maybe the
> conversion happens at rendering time. did you insert \n by hand?

When you do the "knife data bag show ... -Fj", that will do the conversion 
for you into json format -- that's what the "-Fj" is for.  You don't use json 
format for input into the creation process, it's an output format.

> question 2 --
> 
> if it were important, how would i get rid of the final newline in
> my resulting pem file? the app that uses the cert and key are behaving
> ok with there being a final newline. but istr some anecdote about
> needing to NOT have a final newline character. or maybe i'm
> misremembering and this is a silly question.

I'm not sure I've got any useful advice for this case.

-- 
Brad Knowles 
<
 >
SAGE Level IV, Chef Level 0.0.1