[chef] RE: Re: RE: Re: Managing passwords on multiple webapp/users creation

[Philippe Bérard < >]

OK, thanks AJ for pointing this out. Still no clue for writing to encrypted databags, though, I’ll see if there’s any chance to have a working Chef::EncryptedDataBagItem.save

 

Regards,

 

-- Philippe Bérard

 

De : AJ Christensen [mailto:
Envoyé : lundi 7 janvier 2013 11:46
À :
Objet : [chef] Re: RE: Re: Managing passwords on multiple webapp/users creation

 

That blog post an ancient and isn't even the Chef encrypted data bags. It was John's approach before encrypted data bags were made.

 

http://docs.opscode.com/essentials_data_bags_encrypt.html

 

Cheers,

 

AJ

 

On 7 January 2013 23:44, Philippe Bérard < " target="_blank"> > wrote:

Hello Seth and thanks for your answer,

I've tried, maybe the wrong way, to write to encrypted databags, with no
success.

I'll follow the instructions found here
(http://lusislog.blogspot.fr/2011/01/chef-and-encrypted-data-bags-revisted.h
tml) , though, and publish my findings if anyone's interested.

Regards,

-- Philippe Bérard


-----Message d'origine-----
De : Seth Falcon [mailto: "> ]
Envoyé : lundi 7 janvier 2013 06:03
À : < "> >
Objet : [chef] Re: Managing passwords on multiple webapp/users creation

On Jan 4, 2013, at 1:57 AM, Philippe Bérard wrote:
> I’ve tried to use encrypted databags but this kind of databag can’t be
written by a recipe, only read.

I'm not sure that's true. Encrypted data bags are regular data bags that the
client treats specially to decrypt with a shared secret. If you have the
shared secret, you can update/add entries and make the API call to save the
data bag item.

So if the simple shared secret approach that encrypted data bags provides
will work for you, I think you can teach your recipes to updates encrypted
data bags.