Created
December 15, 2010 20:39
-
-
Save lusis/742575 to your computer and use it in GitHub Desktop.
Encrypts a databag item for Chef
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| begin | |
| require 'encrypted_strings' | |
| rescue LoadError | |
| puts "encrypted_strings gem required" | |
| end | |
| begin | |
| require 'json' | |
| rescue LoadError | |
| puts "json required" | |
| end | |
| require 'rake' | |
| PASSKEY='somedecryptionstringblahblahblah' | |
| desc "Encrypt a databag item in the passwords databag" | |
| task :encrypt_databag, :databag_item do |t, args| | |
| plain_data = JSON.load(File.open(File.join(TOPDIR, 'data_bags', 'passwords', "#{args.databag_item}.json"), "r")) | |
| crypted_json_file = File.new(File.join(TOPDIR, 'data_bags', 'passwords', "#{args.databag_item}_crypted.json"), "w+") | |
| puts "Found item: #{plain_data['id']}. Encrypting" | |
| plain_data['data'].encrypt! :symmetric, :algorithm => 'blowfish', :password => PASSKEY | |
| puts "Encrypted data is #{plain_data['data']}" | |
| crypted_json_file.write(plain_data.to_json) | |
| crypted_json_file.close | |
| puts "Uploading to Chef server" | |
| system("knife data bag from file passwords #{args.databag_item}_crypted.json") | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"id":"svnpass","data":"mysvnpassword"} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There's a commensurate component in the recipe that I still need to create. Read the logic in the blog post here: http://goo.gl/WZw2y