[chef] Chef Solo and postgres password

[Liam Kirsher < >]

Hi --

I'm using the postgresql and database cookbooks with Chef Solo.  This is all working quite nicely!
The one little thing that seems a bit clumsy is that I have to supply both the hashed and plain text passwords. Am I correct about that?
postgresql_database requires the plain text version.
Using postgresql cookbook requires adding the hashed version to the node.
Ideally, I'd rather not have unencrypted passwords lying around... I guess the best thing is to use encrypted data bags?

database cookbook:

# create a postgresql database
postgresql_database 'mr_softie' do
  connection(
    :host      => '127.0.0.1'
    :port      => 5432,
    :username  => 'postgres',
    :password  => node['postgresql']['password']['postgres']
  )
  action :create
end

postgresql cookbook:

{
  "postgresql": {
    "password": {
      "postgres": "iloverandompasswordsbutthiswilldo"
    }
  },
  "run_list": ["recipe[postgresql::server]"]
}

That should actually be the "encrypted password" instead of cleartext, so you should generate it as an md5 hash using the PostgreSQL algorithm.

-- 
Liam Kirsher
PGP: http://liam.numenet.com/pgp/