- From:
- To:
- Subject: [chef] Re: Re: restoring lost encrypted data bag item entries
- Date: Sat, 2 Mar 2013 00:01:25 +0000
ah! i just upgraded my knife client (chef) on my local rvm install, it bumped
up to chef-11.4.0, and now i can see the data bag contents.
thanks
On Fri, 01 Mar 2013, Daniel DeLeo wrote:
> On Friday, March 1, 2013 at 3:42 PM, wrote:
> > likely due to not having a YAML engine config in my knife.rb on one of my
> > systems, i think i caused some contents to drop out of one of my encrypted
> > data bags.
> >
> > missing in knife.rb: YAML::ENGINE.yamler = 'syck' if RUBY_VERSION > '1.9'
> >
> > [ops:master chef-repo]$ knife data bag show secrets --secret-file ~/.chef/encrypted_data_bag_secret -Fj db-item | grep X509
> > "FOO_X509_PRIVATEKEY": "",
> > "FOO_X509_SERVERCERT": "",
> >
> > i do have the data bag item contents committed to git in encrypted form:
> >
> > [ops:master chef-repo]$ grep FOO data_bags/secrets/db-item.json
> > "FOO_X509_SERVERCERT": "redacted\n",
> > "FOO_X509_PRIVATEKEY": "redacted\n",
> >
> > how could i use ~/.chef/encrypted_data_bag_secret to decrypt the contents of
> > the file in git to restore the full data bag contents to the chef server?
> > i suspect there's some openssl or gpg or library incantation to do this.
> > i just don't know what.
> >
> > if i can get the decrypted contents into a json file, i'd then restore
> > using:
> >
> > knife data bag from file --secret-file ~/.chef/encrypted_data_bag_secret secrets decrypted.json
> >
> > thanks!
> > kallen
>
> As long as no other corruption has happened, whatever ruby version/yaml
> engine was used to create them should be able to read them.
>
> If you have chef-client 10.18+ on your servers and client 11.0+ for knife,
> you can use the new format that doesn't have this problem.

any suggestion for what to do if i don't have knife 11.0+? my clients and
servers are a mix of 10.x. my knife client on my workstation now is 10.16.
do you know if 11.0+ is installable via gem?
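
Added example, not part of the original thread and not Chef's own code: a stand-alone Ruby sketch of decrypting the git copy of an item with the shared secret and flagging fields that come back empty, as asked in the quoted question. It assumes the Chef 10.x (version 0) layout, where each value is Base64 of AES-256-CBC over the YAML form of the plaintext with key and IV derived by `pkcs5_keyivgen`; the helper names, secret and item values are constructed for illustration.

```ruby
require 'openssl'
require 'json'
require 'yaml'

# Assumed Chef 10.x (version 0) scheme: AES-256-CBC, key and IV both derived
# from the secret by OpenSSL's pkcs5_keyivgen with its defaults (no salt).
def v0_cipher(direction, data, secret)
  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  cipher.public_send(direction)
  cipher.pkcs5_keyivgen(secret)
  cipher.update(data) + cipher.final
end

# Each stored value is Base64 ('m' pack format) of the encrypted YAML text.
def decrypt_value(b64, secret)
  yaml = v0_cipher(:decrypt, b64.unpack1('m'), secret)
  YAML.safe_load(yaml.force_encoding('UTF-8'))
end

# Used here only to build the constructed sample item.
def encrypt_value(value, secret)
  [v0_cipher(:encrypt, value.to_yaml, secret)].pack('m')
end

# "id" is stored in the clear; every other field is decrypted.
def decrypt_item(enc_hash, secret)
  enc_hash.each_with_object({}) do |(key, val), out|
    out[key] = key == 'id' ? val : decrypt_value(val, secret)
  end
end

# Fields that came back nil or empty, the symptom shown in the thread.
def empty_fields(plain)
  plain.select { |k, v| k != 'id' && (v.nil? || v == '') }.keys
end

# Constructed sample; in practice the secret is the stripped contents of
# ~/.chef/encrypted_data_bag_secret and the hash is JSON.parse of the git copy.
SECRET = 'constructed-secret-not-a-real-key'
PLAIN  = { 'id' => 'db-item',
           'FOO_X509_SERVERCERT' => "constructed line 1\nconstructed line 2\n",
           'FOO_X509_PRIVATEKEY' => '' }
ENCRYPTED = PLAIN.each_with_object({}) do |(k, v), h|
  h[k] = k == 'id' ? v : encrypt_value(v, SECRET)
end

# Candidate decrypted.json for `knife data bag from file`.
puts JSON.pretty_generate(decrypt_item(ENCRYPTED, SECRET)) if __FILE__ == $PROGRAM_NAME
```

Checking `empty_fields` before re-uploading avoids writing blanked values back to the server; the decrypted JSON holds private keys in the clear and should be removed once the restore is done.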