On Friday, July 13, 2012 at 10:48 AM, Maven User wrote:Hi all -We're contemplating storing the values of some ssl keys and certificates in an encrypted databag, but I have a couple of questions:1 - Is there a way to have "local" encrypted databags? I was able to create an encrypted databag on our chef server, list the encrypted values and copy/pasted them into a local json file. Using the key that will successfully decrypt the values from the databag stored on the server, I cannot decrypt the same values out of the local .json file. Shouldn't that work?2 - What is the standard way to get the key for decrypting databag values on a machine? We're trying to do this in an automated fashion and haven't found a place that best suits automated bootstrapping - what are people doing?3 - Some of the crt and key values are escape characters - is it possible to escape them without screwing up the actual values?Thanks a million :-/We write the databag secret to disk as part of our custom bootstrap template. It's built into the default bootstraps though (https://github.com/opscode/chef/blob/master/chef/lib/chef/knife/bootstrap/centos5-gems.erb#L34-42) as long as you have the encrypted secret configured in client.rb on the machine initiating the bootstrap. As far as the certificates themselves go, what format are your certificates in? I would look into storing them in PEM format since they'd be base64 encoded and you wouldn't have to worry about escaping anything.Dan
Archive powered by MHonArc 2.6.16.