conf = {}.merge(node['cookbook']['conf']) # a workaround for Chef dsl not supporting clone or deep copy
ruby_block 'keep sensitive values separate from conf attributes' do
block do
data_bag_app = node['cookbook']['data_bag']
mysql_bag = Chef::EncryptedDataBagItem.load(data_bag_app, 'mysql')
aws_bag = Chef::EncryptedDataBagItem.load(data_bag_app, 'aws')
conf.merge!(
db_pass: mysql_bag[node['cookbook']['conf']['db_user']],
aws_access_key: aws_bag['aws_access_key'],
aws_secret_key: aws_bag['aws_secret_key'],
mail_smtp_user: aws_bag['mail_smtp_user'],
mail_smtp_pass: aws_bag['mail_smtp_pass']
)
end
end
Created
August 30, 2016 22:53
-
-
Save dhoer/5d7df64aed33d253690be0a2e9d13a6b to your computer and use it in GitHub Desktop.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment