General discussion about Chef

[chef] Re: Re: Re: Re: Chef Vault without knife.


Chronological Thread 
  • From: Douglas Garstang < >
  • To:
  • Subject: [chef] Re: Re: Re: Re: Chef Vault without knife.
  • Date: Sat, 6 Jun 2015 07:43:50 -0700
The documentation for chef vault at https://github.com/Nordstrom/chef-vault seems to suggest that you need to pass client_key_path, which has the private key to decrypt the vault item, when loading the item from chef vault. Since the file also needs to go into the cookbook and therefore also revision control, I'm not understanding the benefit of chef vault. What am I missing?

Kevin, this is for for HTTP certs, so I gotta have the private key on the box.

Doug.


On Fri, Jun 5, 2015 at 2:19 PM, Tensibai Zhaoying < " target="_blank"> > wrote:

And what is the problem having a vault which store the key and getting it in the recipe just following the Chef-vault README ?

Chef_gem "chef-vault"
Require 'chef-vault'
Cert=ChefVault::Item.load('vault','item')['cert entry']

Try to expose where you're stuck if you want help, we can't do divination tricks to guess...

Le 5 juin 2015 21:47, Douglas Garstang < " target="_blank"> > a écrit :
I'm trying to find a generic, scalable way, to install an SSL private key onto an EC2 instance.

Doug.

On Fri, Jun 5, 2015 at 12:20 PM, Tensibai Zhaoying < " target="_blank"> > wrote:

Is it possible to have a more detailed explanation on what your problem is ?

As is I can't tell what you try to do...

Le 5 juin 2015 19:31, Douglas Garstang < " target="_blank"> > a écrit :
Is it possible to use chef-vault without having to use the knife command? My systems come up, and run the chef-client automaticaly.

Thanks,
Doug




--



--
Regards,

Douglas Garstang
http://www.linkedin.com/in/garstang
Email: " target="_blank">
Cell: +1-805-340-5627

Archive powered by MHonArc 2.6.16.

§