[chef] Re: How should I handle the problem of the pubkey auth for git repos in Chef recipes?


  • From: AJ Christensen
  • Subject: [chef] Re: How should I handle the problem of the pubkey auth for git repos in Chef recipes?
  • Date: Tue, 13 Nov 2012 15:49:01 +1100

For GitHub specifically, the OAuth solution rings true: https://github.com/blog/1270-easier-builds-and-deployments-using-git-over-https-and-oauth

Managing an SSH Keypair and adding it to a GitHub account is also viable with the API(s), but I'd suggest evaluating the HTTPS + OAuth solution.

A lightweight solution may be to (human) generate a once-off deployment key, add it to the GitHub repo (only one deployment key per repo is allowed), or add it to a generic GitHub account (and add this account to your repos) and then, as you've mentioned, store the keypair in an encrypted (or non) data-bag. The benefit to this is the model is appropriate for non-GitHub "git" installations.

Cheers,

AJ


On 13 November 2012 15:43, Marcelo de Moraes Serpa wrote:
Hello list,

I want to use Chef as "executable documentation" for my server(s) infrastructure. The classic Chef+Chef Server (or opscode platform) conf is overkill for me, so I'm using the "good old" chef-solo.

I'm writing my own recipe as a way to practice. The goal of this recipe is to describe my current Server in Chef, and allow me to recreate it somewhere else (both server provisioning and app provisioning). I'm using Vagrant to test it out.

My question is: How should I handle the problem of the pubkey auth for git repos? Is there a way to "tunnel" the private key from my workstation? I've seen the "secret databag" solution, but I found it a bit awkward to set up. Another solution perhaps would be to go to the server and manually create a key pair, upload the pub key to GitHub and then point to it in the recipe configuration, however, this requires some manual labor that can't be avoided (uploading the key to GitHub).

What would be the best way to solve this problem? Any insights appreciated!

Thanks in advance,

- Marcelo.
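
The node-side half of the deploy-key approach discussed in this thread, as an added example that is not from either poster or from Chef itself: write the private key with owner-only permissions and generate an ssh wrapper that pins git to that one key. `install_deploy_key`, `write_private` and the file names are hypothetical; in a recipe the key string would come from `Chef::EncryptedDataBagItem.load` and the wrapper path would go to the `git` resource's `ssh_wrapper` attribute.

```ruby
require 'fileutils'
require 'shellwords'
require 'tmpdir'

PEM_PRIVATE_KEY = /\A-----BEGIN [A-Z ]*PRIVATE KEY-----\n.+\n-----END [A-Z ]*PRIVATE KEY-----\n?\z/m

# Create or truncate a file that is never readable by group/other.
def write_private(path, content, mode)
  File.open(path, File::WRONLY | File::CREAT | File::TRUNC, mode) do |f|
    f.chmod(mode) # tighten a pre-existing file before the secret is written
    f.write(content)
  end
end

# Hypothetical helper (not a Chef API): installs the deploy key and an ssh
# wrapper under dir and returns both paths.
def install_deploy_key(private_key, dir, name = 'deploy')
  raise ArgumentError, 'not a PEM private key' unless private_key =~ PEM_PRIVATE_KEY

  FileUtils.mkdir_p(dir, mode: 0o700)
  File.chmod(0o700, dir) # mkdir_p does not change an existing directory
  key_path = File.join(dir, "#{name}_id")
  wrapper_path = File.join(dir, "#{name}_ssh_wrapper.sh")

  write_private(key_path, private_key, 0o600)
  # IdentitiesOnly stops ssh from offering agent or default keys.
  # StrictHostKeyChecking=yes assumes the git host's key is already in known_hosts.
  write_private(wrapper_path, <<~SH, 0o700)
    #!/bin/sh
    exec ssh -i #{Shellwords.escape(key_path)} -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes "$@"
  SH
  { key: key_path, wrapper: wrapper_path }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample, not a real key.
  sample = "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n"
  Dir.mktmpdir do |dir|
    paths = install_deploy_key(sample, dir)
    puts format('%o %s', File.stat(paths[:key]).mode & 0o777, paths[:key])
    puts File.read(paths[:wrapper])
  end
end
```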



