Skip to content

Instantly share code, notes, and snippets.

@lusis
Created December 15, 2010 20:39
Show Gist options
  • Save lusis/742575 to your computer and use it in GitHub Desktop.
Save lusis/742575 to your computer and use it in GitHub Desktop.
Encrypts a databag item for Chef
begin
require 'encrypted_strings'
rescue LoadError
puts "encrypted_strings gem required"
end
begin
require 'json'
rescue LoadError
puts "json required"
end
require 'rake'
PASSKEY='somedecryptionstringblahblahblah'
desc "Encrypt a databag item in the passwords databag"
task :encrypt_databag, :databag_item do |t, args|
plain_data = JSON.load(File.open(File.join(TOPDIR, 'data_bags', 'passwords', "#{args.databag_item}.json"), "r"))
crypted_json_file = File.new(File.join(TOPDIR, 'data_bags', 'passwords', "#{args.databag_item}_crypted.json"), "w+")
puts "Found item: #{plain_data['id']}. Encrypting"
plain_data['data'].encrypt! :symmetric, :algorithm => 'blowfish', :password => PASSKEY
puts "Encrypted data is #{plain_data['data']}"
crypted_json_file.write(plain_data.to_json)
crypted_json_file.close
puts "Uploading to Chef server"
system("knife data bag from file passwords #{args.databag_item}_crypted.json")
end
{"id":"svnpass","data":"mysvnpassword"}
@lusis
Copy link
Author

lusis commented Dec 15, 2010

There's a commensurate component in the recipe that I still need to create. Read the logic in the blog post here: http://goo.gl/WZw2y

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment