[chef] Re: using knife.rb attributes in a recipe

[Michael Della Bitta < >]

Osvaldo,

Just a thought: It might be an antipattern to assume that the creds
you launch instances with will be the same as the ones you want on
your server for it to do things. IAM allows you to issue credentials
that are locked down to specific tasks (i.e., an EC2 instance might
not be allowed to create more EC2 instances), and you might want to
deploy those to your instances instead, or even deploy different ones
depending on the server's role.

We're storing our credentials in a data bag and propagating them that
way, so it will be easy to change them out should we have to.

Michael Della Bitta

------------------------------------------------
Appinions
18 East 41st Street, 2nd Floor
New York, NY 10017-6271

www.appinions.com

Where Influence Isn’t a Game


On Thu, Oct 4, 2012 at 12:21 PM, O. T. Suarez 
<
 >
 wrote:
> Hi,
>
> Attributes stored in the knife.rb file (like the AWS Cloud
> Credentials), on the chef workstation, can be used while bootstraping
> a node.
> Does anyone knows how to use knife.rb attributes in a recipe?
> Is that even possible?
>
> this whole thing came up while trying to find a way to make the
> encrypted databag secret key available to the recipes using something
> like chef::config properties (chef::config['knife'] actually, but I
> couldn't make it work), to avoid having to scp the key file or keeping
> it on the chef client host (security considerations are not an issue,
> just the technical challenge of whether or not this can be done ;).
>
> Regards,
> Osvaldo