How do I encrypt a Chef data bag?



  • knife data bag man page: http://bit.ly/2ps8xjK

    For sensitive information such as passwords and SSH keys, data bag variables should be encrypted.

    First, create a secret key. The path below is an example location for storing the secret key.

    $ openssl rand -base64 512 | tr -d '\r\n' | sudo tee /root/chef_encrypted > /dev/null
    

    This command launches an editor to add the variables.

    $ knife data bag create passwords samba --secret-file /root/chef_encrypted
    Created data_bag[passwords]
    Created data_bag_item[samba]
    

    Verify that the passwords data bag is encrypted.

    $ knife data bag show passwords samba
    WARNING: Encrypted data bag detected, but no secret provided for decoding. Displaying encrypted data.
    id:        samba
    smbpasswd:
      cipher:         aes-256-cbc
      encrypted_data: SjWfPlSFZoQd6aY7r3a3dbGEUeJE4YS8TPqyServGifGPNZ7mQM2kEjT1hEc
      pX52
      
      iv:             rfikujQ5T7BdyZK5TzNFkg==
      
      version:        1
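
The verify step above can be automated across every field of an item. The following Ruby script is an added example, not part of the original post or Chef's own code: it checks that each field except `id` carries the cipher/encrypted_data/iv/version envelope shown in the output. The helper names, the `smbuser` field and the AES-CBC size checks are assumptions made for illustration.

```ruby
require "json"
require "base64"

# Envelope keys shown in the `knife data bag show` output above.
ENVELOPE_KEYS = %w[cipher encrypted_data iv version].freeze

# Decode base64 that may contain line breaks; nil if it is not valid base64.
def decode_b64(value)
  Base64.strict_decode64(value.to_s.delete("\r\n"))
rescue ArgumentError
  nil
end

# Problems found in one field value; an empty list means it looks encrypted.
def field_problems(value)
  return ["stored in plaintext"] unless value.is_a?(Hash)
  missing = ENVELOPE_KEYS - value.keys
  return ["missing envelope keys: #{missing.join(', ')}"] unless missing.empty?

  data = decode_b64(value["encrypted_data"])
  iv = decode_b64(value["iv"])
  problems = []
  problems << "encrypted_data is empty or not valid base64" if data.nil? || data.empty?
  problems << "iv is not valid base64" if iv.nil?
  if value["cipher"] == "aes-256-cbc"
    # Assumption: AES-CBC takes a 16-byte IV and emits whole 16-byte blocks.
    problems << "iv is not 16 bytes" if iv && iv.bytesize != 16
    problems << "ciphertext is not a multiple of 16 bytes" if data && data.bytesize % 16 != 0
  end
  problems
end

# Audit one data bag item (JSON text); returns { field => [problems] } for failing fields.
def audit_item(json_text)
  JSON.parse(json_text)
      .reject { |key, _| key == "id" }
      .transform_values { |value| field_problems(value) }
      .reject { |_, problems| problems.empty? }
end

# Constructed sample: the samba item from the output above plus a plaintext field.
SAMPLE = <<~JSON
  {"id": "samba", "smbuser": "backup",
   "smbpasswd": {"cipher": "aes-256-cbc", "version": 1, "iv": "rfikujQ5T7BdyZK5TzNFkg==\\n",
     "encrypted_data": "SjWfPlSFZoQd6aY7r3a3dbGEUeJE4YS8TPqyServGifGPNZ7mQM2kEjT1hEc\\npX52\\n"}}
JSON

puts JSON.pretty_generate(audit_item(SAMPLE)) if __FILE__ == $PROGRAM_NAME
```

An empty result means every field passed. The check is structural only and does not prove the ciphertext decrypts with your secret file.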
    


© Lightnetics 2024