Created
May 11, 2017 10:22
-
-
Save anonymous/4923ebeee53fe4d43a1cfb70a2abaadd to your computer and use it in GitHub Desktop.
Encrypt/Decrypt chef data bags locally
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env ruby | |
require 'chef/encrypted_data_bag_item' | |
require 'json' | |
secret = Chef::EncryptedDataBagItem.load_secret ARGV[0] | |
to_decrypt = JSON.parse($stdin.read) | |
id = to_decrypt.delete('id') | |
decrypted_data = to_decrypt.reduce({}) do |h,(k,v)| | |
decryptor = Chef::EncryptedDataBagItem::Decryptor.for(v, secret) | |
h[k] = Chef::JSONCompat.parse(decryptor.decrypted_data)['json_wrapper'] | |
h | |
end | |
decrypted_data['id'] = id | |
puts JSON.dump decrypted_data |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env ruby | |
require 'chef/encrypted_data_bag_item' | |
require 'json' | |
secret = Chef::EncryptedDataBagItem.load_secret ARGV[0] | |
to_encrypt = JSON.parse($stdin.read) | |
encrypted_data = Chef::EncryptedDataBagItem.encrypt_data_bag_item to_encrypt, secret | |
puts JSON.dump encrypted_data |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment