- From: Teemu Matilainen <
>
- To:
- Subject: [chef] Re: auto copy encrypted_data_bag_secret on the node not working
- Date: Tue, 29 Jan 2013 10:54:17 -0300
On Tue, Jan 29, 2013 at 8:31 AM, Sachin Sagar Rai
<
>
wrote:
>
>
In my chef-repo's knife.rb file, I've the following config for
>
`encrypted_data_bag_secret`
>
>
......
>
# Encrypted data bag secret file
>
knife[:encrypted_data_bag_secret] =
>
"/Users/millisami/.chef/encrypted_data_bag_secret"
This should be just:
encrypted_data_bag_secret
"/Users/millisami/.chef/encrypted_data_bag_secret"
>
And this is the snippet of the default chef-full distro:
>
>
<% if @chef_config[:encrypted_data_bag_secret] -%>
>
(
>
cat <<'EOP'
>
<%= encrypted_data_bag_secret %>
>
EOP
>
) > /tmp/encrypted_data_bag_secret
>
awk NF /tmp/encrypted_data_bag_secret >
>
/etc/chef/encrypted_data_bag_secret
>
rm /tmp/encrypted_data_bag_secret
>
<% end -%>
Btw, the version in the latest releases is a bit simpler and avoids
the hardcoded (and thus insecure) /tmp paths.
--
Cheers,
- Teemu
Archive powered by MHonArc 2.6.16.