- From: AJ Christensen
- Subject: [chef] Re: RE: Re: RE: Re: Using encrypted data bags in cookbooks?
- Date: Thu, 22 Jan 2015 11:27:45 +1300
It looks like your knife config is wrong. Can you puts the value of
the encrypted_data_bag_secret after setting it? Does that path expand
properly?

"#{home_dir}/.chef/encrypted_data_bag_secret"

Do you have a local variable called "home_dir" in your knife.rb? This
Ruby string expansion relies on it. If nil, the path is probably
borked.

Chuck `puts encrypted_data_bag_secret` in your config and see what it reckons.

cheers,
--aj

On Thu, Jan 22, 2015 at 10:26 AM, Fouts, Chris wrote:
> Thanks, but I was under the impression that the bootstrap (even the default
> template) will do this for me, using the same process it does to copy the
> validator.pem locally to the node. I see this in the chef-full.erb file
>
> <% if encrypted_data_bag_secret -%>
> cat > /etc/chef/encrypted_data_bag_secret <<'EOP'
> <%= encrypted_data_bag_secret %>
> EOP
> chmod 0600 /etc/chef/encrypted_data_bag_secret
> <% end -%>
>
> Chris
>
> From: Tiago Cruz
> Sent: Wednesday, January 21, 2015 3:27 PM
> Subject: [chef] Re: RE: Re: Using encrypted data bags in cookbooks?
>
> You need to scp the file to your node at /etc/chef/encrypted_data_bag_secret
>
> On Wed, Jan 21, 2015 at 6:09 PM, Fouts, Chris wrote:
>
> I have this in my knife.rb file
>
> …….
> validation_key "#{current_dir}/validator.pem"
> encrypted_data_bag_secret “#{current_dir}/encrypted_data_bag_secret”
> …….
>
> The knife.rb, validator.pem, and encrypted_data_bag_secret files are in
> <some_path>/.chef directory.
>
> Chris
>
> From: Daniel Condomitti
> Sent: Wednesday, January 21, 2015 2:45 PM
> Subject: [chef] Re: Using encrypted data bags in cookbooks?
>
> Are you using a custom bootstrap template? Check your template to ensure
> that your template includes the encrypted_data_bag_secret logic
> https://github.com/opscode/chef/blob/master/lib/chef/knife/bootstrap/chef-full.erb#L46
>
> Is the correct path being used in your knife config?
>
> On Wednesday, January 21, 2015 at 2:38 PM, Fouts, Chris wrote:
>
> Client: v12.0.3
> Server: Chef 12 Enterprise
>
> I’m encrypting my data bags, but now of course would want to use them when I
> run my cookbooks in my nodes. This means that I’ll need to decrypt my data
> bag, which in turn means I’ll need the key. One solution I’ve been reading
> is to copy the key file in the node’s /etc/chef/* directory during the
> bootstrap process. I read this
> http://lists.opscode.com/sympa/arc/chef/2013-04/msg00142.html, which shows
> adding this line in the knife.rb file
>
> encrypted_data_bag_secret "#{home_dir}/.chef/encrypted_data_bag_secret"
>
> …which will then automagically copy the file over to the node. However, I
> don’t see /etc/chef/encrypted_data_bag file in the bootstrapped node.
>
> What am I missing?
>
> Chris
>
> --
> -- Tiago Cruz
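
The path check suggested in the reply above, together with the 0600 mode from the quoted bootstrap template, as an added example that is not code from this thread or from Chef. `secret_path_for` and `secret_file_problems` are hypothetical helper names; the temporary directory and the secret contents are constructed.

```ruby
require "tmpdir"

# Hypothetical helper (not part of knife): builds the path the same way the
# knife.rb line in this thread does.
def secret_path_for(home_dir)
  "#{home_dir}/.chef/encrypted_data_bag_secret"
end

# Hypothetical helper: returns a list of reasons the secret file is unusable
# or too widely readable. An empty list means no problem was found.
def secret_file_problems(path)
  problems = []
  # A nil or empty home_dir interpolates to "", leaving a path rooted at "/".
  problems << "path starts at filesystem root: #{path}" if path.start_with?("/.chef/")
  unless File.file?(path)
    problems << "no such file: #{path}"
    return problems
  end
  problems << "file is empty" if File.zero?(path)
  mode = File.stat(path).mode & 0o777
  # The bootstrap template chmods the node copy to 0600; this check holds the
  # workstation copy to the same standard (an assumption of this example).
  problems << format("mode %04o is readable by group/other", mode) if (mode & 0o077) != 0
  problems
end

# Constructed demo: a temporary directory stands in for the home directory.
def demo
  Dir.mktmpdir do |home|
    Dir.mkdir(File.join(home, ".chef"))
    good = secret_path_for(home)
    File.write(good, "constructed-sample-secret\n")
    File.chmod(0o600, good)
    ok = secret_file_problems(good)
    File.chmod(0o644, good)
    loose = secret_file_problems(good)
    broken = secret_file_problems(secret_path_for(nil))
    { ok: ok, loose: loose, broken: broken }
  end
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, problems| puts "#{name}: #{problems.inspect}" }
end
```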