[chef] Re: RE: Re: RE: Re: Managing passwords on multiple webapp/users creation


Chronological Thread 
  • From: Jeremiah Snapp < >
  • To:
  • Subject: [chef] Re: RE: Re: RE: Re: Managing passwords on multiple webapp/users creation
  • Date: Mon, 7 Jan 2013 09:59:29 -0500

The following link discusses databag editing from within a recipe. Be aware that it does come with two warnings.

1. Unexpected data loss if multiple nodes edit the same databag.
2. Open source chef requires the node's API client to have admin rights.

http://docs.opscode.com/essentials_data_bags_use_recipe.html#creating-and-editing-data-bag-within-a-recipe

On Jan 7, 2013 8:26 AM, "Philippe Bérard" < "> > wrote:
OK, thanks AJ for pointing this out. Still no clue for writing to encrypted databags, though, I’ll see if there’s any chance to have a working Chef::EncryptedDataBagItem.save

 

Regards,

 

-- Philippe Bérard

 

De : AJ Christensen [mailto: " target="_blank"> ]
Envoyé : lundi 7 janvier 2013 11:46
À : " target="_blank">
Objet : [chef] Re: RE: Re: Managing passwords on multiple webapp/users creation

 

That blog post an ancient and isn't even the Chef encrypted data bags. It was John's approach before encrypted data bags were made.

 

On 7 January 2013 23:44, Philippe Bérard < " target="_blank"> > wrote:

Hello Seth and thanks for your answer,

I've tried, maybe the wrong way, to write to encrypted databags, with no
success.

I'll follow the instructions found here
(http://lusislog.blogspot.fr/2011/01/chef-and-encrypted-data-bags-revisted.h
tml
) , though, and publish my findings if anyone's interested.

Regards,

-- Philippe Bérard


-----Message d'origine-----
De : Seth Falcon [mailto: " target="_blank"> ]
Envoyé : lundi 7 janvier 2013 06:03
À : < " target="_blank"> >
Objet : [chef] Re: Managing passwords on multiple webapp/users creation



On Jan 4, 2013, at 1:57 AM, Philippe Bérard wrote:
> I’ve tried to use encrypted databags but this kind of databag can’t be
written by a recipe, only read.

I'm not sure that's true. Encrypted data bags are regular data bags that the
client treats specially to decrypt with a shared secret. If you have the
shared secret, you can update/add entries and make the API call to save the
data bag item.

So if the simple shared secret approach that encrypted data bags provides
will work for you, I think you can teach your recipes to updates encrypted
data bags.



 




Archive powered by MHonArc 2.6.16.

§