How do I encrypt a Chef data bag?
knife data bag man page: http://bit.ly/2ps8xjK
Data bag variables that hold sensitive information, such as passwords and SSH keys, should be encrypted.
First, create a secret key. The path below is an example location for storing the secret key.
$ sudo openssl rand -base64 512 | tr -d '\r\n' > /root/chef_encrypted
This command launches an editor to add the variables.
$ knife data bag create passwords samba --secret-file /root/chef_encrypted
Created data_bag[passwords]
Created data_bag_item[samba]
Verify that the passwords data bag is encrypted.
$ knife data bag show passwords samba
WARNING: Encrypted data bag detected, but no secret provided for decoding. Displaying encrypted data.
id: samba
smbpasswd:
  cipher: aes-256-cbc
  encrypted_data: SjWfPlSFZoQd6aY7r3a3dbGEUeJE4YS8TPqyServGifGPNZ7mQM2kEjT1hEc pX52
  iv: rfikujQ5T7BdyZK5TzNFkg==
  version: 1
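A structural check for the verification step above, as an added example that is not from the original page: it takes an item as JSON (for instance from `knife data bag show passwords samba -F json`, run without the secret) and reports every field that lacks a well-formed cipher/encrypted_data/iv/version envelope. The function name check_item and the smbuser field are assumptions made for illustration, and the check covers only the version 1 aes-256-cbc format shown on this page.

```python
import base64
import binascii
import json

# Fields the encrypted value carries in the `knife data bag show` output above.
ENVELOPE_KEYS = {"cipher", "encrypted_data", "iv", "version"}
AES_BLOCK = 16  # AES block size in bytes; a CBC IV is exactly one block


def _b64(value):
    """Decode base64 that may be wrapped across lines; None if it is invalid."""
    if not isinstance(value, str):
        return None
    try:
        return base64.b64decode("".join(value.split()), validate=True)
    except (binascii.Error, ValueError):
        return None


def check_item(item):
    """Return {field: problem} for each field that is not a well-formed envelope."""
    problems = {}
    for name, value in item.items():
        if name == "id":  # the item id is displayed unencrypted, as in the output above
            continue
        if not isinstance(value, dict) or not ENVELOPE_KEYS <= value.keys():
            problems[name] = "stored in plaintext (no encryption envelope)"
            continue
        iv, data = _b64(value["iv"]), _b64(value["encrypted_data"])
        if value["cipher"] != "aes-256-cbc":
            problems[name] = "unexpected cipher %r" % (value["cipher"],)
        elif iv is None or len(iv) != AES_BLOCK:
            problems[name] = "iv is not 16 bytes of base64"
        elif not data or len(data) % AES_BLOCK:
            problems[name] = "encrypted_data is not a whole number of AES blocks"
    return problems


# Constructed sample: the item from the output above as JSON, plus a
# hypothetical plaintext field (smbuser) of the kind the check should catch.
SAMPLE = json.loads("""
{"id": "samba",
 "smbpasswd": {"cipher": "aes-256-cbc",
               "encrypted_data": "SjWfPlSFZoQd6aY7r3a3dbGEUeJE4YS8TPqyServGifGPNZ7mQM2kEjT1hEc pX52",
               "iv": "rfikujQ5T7BdyZK5TzNFkg==", "version": 1},
 "smbuser": "example-user"}
""")

if __name__ == "__main__":
    for field, problem in check_item(SAMPLE).items():
        print("%s: %s" % (field, problem))
```

An empty result means every field other than id carries the envelope; it does not prove the ciphertext decrypts with a particular secret file.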
© Lightnetics 2024