[chef] Re: Re: Re: encrypted databag sadness


  • From: Matthew Moretti
  • To:
  • Subject: [chef] Re: Re: Re: encrypted databag sadness
  • Date: Mon, 16 Jul 2012 15:32:46 -0400

Yeah, if you have a line in your workstation's knife.rb to the effect of

encrypted_data_bag_secret '/path/to/your/data_bag_key'

then the bootstrap process will upload the secret to /etc/chef/encrypted_data_bag_secret which is the default location.

http://wiki.opscode.com/display/chef/Knife+Bootstrap#KnifeBootstrap-Usingencrypteddatabags

-Matt Moretti

On Mon, Jul 16, 2012 at 3:05 PM, Maven User wrote:
>
> Are there any other details about this technique somewhere?
>
> And is this file only living on the place where you're launching knife from?
>
>
> On Fri, Jul 13, 2012 at 2:00 PM, Daniel Condomitti wrote:
>>
>> On Friday, July 13, 2012 at 10:48 AM, Maven User wrote:
>>
>> Hi all -
>>
>> We're contemplating storing the values of some ssl keys and certificates in an encrypted databag, but I have a couple of questions:
>>
>> 1 - Is there a way to have "local" encrypted databags?  I was able to create an encrypted databag on our chef server, list the encrypted values and copy/pasted them into a local json file.  Using the key that will successfully decrypt the values from the databag stored on the server, I cannot decrypt the same values out of the local .json file.  Shouldn't that work?
>> 2 - What is the standard way to get the key for decrypting databag values on a machine?  We're trying to do this in an automated fashion and haven't found a place that best suits automated bootstrapping - what are people doing?
>> 3 - Some of the crt and key values are escape characters - is it possible to escape them without screwing up the actual values?
>>
>> Thanks a million :-/
>>
>> We write the databag secret to disk as part of our custom bootstrap template. It's built into the default bootstraps though (https://github.com/opscode/chef/blob/master/chef/lib/chef/knife/bootstrap/centos5-gems.erb#L34-42) as long as you have the encrypted secret configured in client.rb on the machine initiating the bootstrap. As far as the certificates themselves go, what format are your certificates in? I would look into storing them in PEM format since they'd be base64 encoded and you wouldn't have to worry about escaping anything.
>>
>> Dan
>
>
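As an added example (not code from this thread or from Chef itself), the Ruby below models the version-0 encrypted data bag scheme of that era as I understand it: aes-256-cbc keyed from the shared secret via OpenSSL's legacy pkcs5_keyivgen, values serialised as YAML and Base64-encoded, with the `id` field left in the clear. It round-trips an item through a local JSON copy like the one in question 1, and reads the secret file the way a node would from /etc/chef/encrypted_data_bag_secret with a permission check; the item and secret are constructed, and the scheme details are an assumption.

```ruby
require "openssl"
require "base64"
require "yaml"
require "json"
# Assumed model of the version-0 encrypted data bag scheme Chef used in 2012:
# aes-256-cbc, key and IV derived from the shared secret with OpenSSL's legacy
# pkcs5_keyivgen (MD5, no salt), the value serialised as YAML, output Base64.
def v0_cipher(direction, data, secret)
  cipher = OpenSSL::Cipher.new("aes-256-cbc")
  cipher.send(direction)         # :encrypt or :decrypt
  cipher.pkcs5_keyivgen(secret)  # same secret on every node => same key and IV
  cipher.update(data) + cipher.final
end

def encrypt_value(value, secret)
  Base64.encode64(v0_cipher(:encrypt, value.to_yaml, secret))
end

# No integrity tag: a wrong secret shows up only as a padding error or bad YAML.
def decrypt_value(ciphertext, secret)
  YAML.safe_load(v0_cipher(:decrypt, Base64.decode64(ciphertext), secret))
end

# Every field except "id" is encrypted, so the item stays addressable by id.
def encrypt_item(item, secret)
  item.to_h { |k, v| [k, k == "id" ? v : encrypt_value(v, secret)] }
end

def decrypt_item(item, secret)
  item.to_h { |k, v| [k, k == "id" ? v : decrypt_value(v, secret)] }
end

# Read the secret as a node would from /etc/chef/encrypted_data_bag_secret,
# refusing a file that other local users could read.
def load_secret(path)
  mode = File.stat(path).mode & 0o777
  raise "#{path} has mode #{mode.to_s(8)}; expected 0600" unless (mode & 0o077).zero?
  File.read(path).strip
end

# Constructed item: a PEM body is Base64 plus newlines, so nothing needs escaping.
SAMPLE_ITEM = {
  "id"   => "web_ssl",
  "cert" => "-----BEGIN CERTIFICATE-----\nMIIBconstructedNotARealCert==\n-----END CERTIFICATE-----\n",
}.freeze

# Round-trip through a local JSON copy of the encrypted item (question 1 above).
def local_json_round_trip(item, secret)
  decrypt_item(JSON.parse(JSON.generate(encrypt_item(item, secret))), secret)
end
```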


