[chef] Re: Handling of encrypted data bag keys


  • From: Sachin Sagar Rai < >
  • To:
  • Subject: [chef] Re: Handling of encrypted data bag keys
  • Date: Thu, 11 Apr 2013 17:34:11 +0545

You can put the following line in the knife.rb file:


encrypted_data_bag_secret "#{home_dir}/.chef/encrypted_data_bag_secret"


Now, whenever you bootstrap the node on EC2, it will be copied over to the node automatically.

-------------------------------------------
@millisami
~ Sachin Sagar Rai
Ruby on Rails Developer
http://tfm.com.np
http://nepalonrails.com
http://funsole.com
Sent with Sparrow

On Thursday, April 11, 2013 at 4:45 PM, Thom May wrote:

Hey,
How are people handling the distribution of encryption keys for data bags? It seems unfortunate to have to copy out the encryption key at bootstrap time, but having it as a cookbook file is daft.
So then I was thinking I'd have the key on a private S3 bucket, which could then be accessed with signed URLs.
But then I thought, if we're doing that, why bother putting the file on disk at all? Just download the contents at the start of the Chef run, use it for the duration, and let the key go away when the Chef process dies.
Am I missing something?
-T
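
The approach described in the original question (fetch the secret at the start of the run and hold it only in memory) can be sketched as below. This is an added example, not code from either poster or from Chef; the function names are hypothetical, and the item layout (AES-256-CBC, SHA-256 of the secret as the key, a "json_wrapper" envelope) is assumed to match Chef's version 1 encrypted data bag format.

```ruby
require "openssl"
require "base64"
require "json"
require "net/http"
require "uri"

# Fetch the shared secret into memory only; nothing is written to disk.
# `url` stands for a pre-signed S3 URL supplied at run time (assumption).
def fetch_secret(url)
  uri = URI(url)
  raise ArgumentError, "secret must be fetched over HTTPS" unless uri.scheme == "https"
  res = Net::HTTP.get_response(uri)
  raise "secret fetch failed: HTTP #{res.code}" unless res.is_a?(Net::HTTPSuccess)
  res.body.strip
end

# Encrypt one data bag value in the assumed version 1 layout.
def encrypt_value(value, secret)
  cipher = OpenSSL::Cipher.new("aes-256-cbc").encrypt
  cipher.key = OpenSSL::Digest::SHA256.digest(secret)
  iv = cipher.random_iv # fresh IV per value
  data = cipher.update({ "json_wrapper" => value }.to_json) + cipher.final
  { "encrypted_data" => Base64.encode64(data), "iv" => Base64.encode64(iv),
    "version" => 1, "cipher" => "aes-256-cbc" }
end

# Decrypt with the in-memory secret; a wrong secret or a corrupt item fails
# loudly instead of returning garbage.
def decrypt_value(enc, secret)
  unless enc["version"] == 1 && enc["cipher"] == "aes-256-cbc"
    raise ArgumentError, "unsupported item format"
  end
  cipher = OpenSSL::Cipher.new("aes-256-cbc").decrypt
  cipher.key = OpenSSL::Digest::SHA256.digest(secret)
  cipher.iv = Base64.decode64(enc["iv"])
  plain = cipher.update(Base64.decode64(enc["encrypted_data"])) + cipher.final
  JSON.parse(plain)["json_wrapper"]
rescue OpenSSL::Cipher::CipherError, JSON::ParserError
  raise ArgumentError, "decryption failed (wrong secret or corrupt item)"
end

if __FILE__ == $PROGRAM_NAME
  secret = "constructed-sample-secret" # stands in for fetch_secret(signed_url)
  item = encrypt_value({ "password" => "constructed-value" }, secret)
  puts decrypt_value(item, secret).inspect
end
```

Inside a recipe, a secret string obtained this way can be passed as the third argument to Chef::EncryptedDataBagItem.load instead of pointing Chef at a secret file.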



