Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
How to store your Splunk Storm credentials securely in Chef.
######################
# Instructions
#
# Splunk Storm uses a proprietary license file which needs to be deployed on each of the forwarders.
# For us to deploy these files we need to put them into Chef Server, but it'd be nice for them to be
# all nice and secure.
#
# Here's a quick chunk of code of how to post the creds into a secure data bag.
#
# Create a data bag (preference would be this is a secure data bag)
# `knife data bag create licenses storm --secret-file ~/.chef/encrypted_data_bag_secret`
#
# open up irb and run the commands below to encode your credentials into the bag
# be sure to change the vars to match your setup (i'll have to make this a Knife Plugin one day)
#
# You'll probably want to checkin your keys into the
# `knife data bag show licenses storm -Fj > data_bags/licenses/storm.json`
######################
# To write the Splunk Storm Creds to a data bag
require 'base64'
require 'chef'
data_bag = "licenses"
data_bag_key = "storm"
license_file = "stormforwarder_XXXXXXXX.spl"
Chef::Config.from_file("#{ENV['HOME']}/.chef/knife.rb")
c = Chef::DataBagItem.load(data_bag, data_bag_key)
contents = [File.open(license_file, "rb") {|io| io.read}].pack("m")
c['data'] = contents
c['filename'] = license_file
c.save
######################
# To read the Splunk Storm Creds from a data bag
require 'base64'
require 'chef'
data_bag = "licenses"
data_bag_key = "storm"
Chef::Config.from_file("#{ENV['HOME']}/.chef/knife.rb")
c = Chef::DataBagItem.load(data_bag, data_bag_key)
File.open(c['filename'], "wb") do |file|
file.write(c['data'].unpack('m').first)
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.