General discussion about Chef

[chef] RE: Re: Using encrypted data bags in cookbooks?


Chronological Thread 
  • From: "Fouts, Chris" < >
  • To: " " < >
  • Subject: [chef] RE: Re: Using encrypted data bags in cookbooks?
  • Date: Wed, 21 Jan 2015 19:57:49 +0000
  • Accept-language: en-US

No, using default bootstrap template (chef-full)

 

Chris

 

From: Daniel Condomitti [mailto:
Sent: Wednesday, January 21, 2015 2:45 PM
To:
Subject: [chef] Re: Using encrypted data bags in cookbooks?

 

Are you using a custom bootstrap template? Check your template to ensure that your template includes the encrypted_data_bag_secret logic https://github.com/opscode/chef/blob/master/lib/chef/knife/bootstrap/chef-full.erb#L46

 

Is the correct path being used in your knife config?

On Wednesday, January 21, 2015 at 2:38 PM, Fouts, Chris wrote:

Client: v12.0.3

Server: Chef 12 Enterprise

 

I’m encrypting my data bags, but now of course would want to use them when I run my cookbooks in my nodes. This means that I’ll need to decrypt my data bag, which in turn means I’ll need the key. One solution I’ve been reading is to copy the key file in the node’s /etc/chef/* directory during the bootstrap process. I read this http://lists.opscode.com/sympa/arc/chef/2013-04/msg00142.html, which shows adding this line in the knife.rb file

 

encrypted_data_bag_secret "#{home_dir}/.chef/encrypted_data_bag_secret"

 

…which will then automagically copy the file over to the node. However, I don’t see /etc/chef/encrypted_data_bag file in the boostrapped node.

 

What am I missing?

 

Chris

 

 

 

 


Archive powered by MHonArc 2.6.16.

§