public
Last active

Creating local encrypted data bags

  • Download Gist
create_data_bag.rb
Ruby
1 2 3 4 5 6 7 8 9 10 11
require 'rubygems'
require 'chef/encrypted_data_bag_item'
 
secret = Chef::EncryptedDataBagItem.load_secret('data_bag_key')
data = {"id" => "mysql", "root" => "some secret password"}
encrypted_data = Chef::EncryptedDataBagItem.encrypt_data_bag_item(data, secret)
 
FileUtils.mkpath('data_bags/passwords')
File.open('data_bags/passwords/mysql.json', 'w') do |f|
f.print encrypted_data.to_json
end

I'm using a variant of this, seems like the encrypted string is keeping the \n newline char at the end like this:

{"mysql"=>"7ovab42KoH1NhdwIu1YpLl1nBnxK+CLl30L45wpKlOE=\n"}

It looks like base64 encoding so whitespace shouldn't pose a problem. Are you seeing an error?

yes, sorry, it works fine.

Here's a script that can be used to edit an encrypted databag in place. It makes some assumptions about paths but those are adjustable: https://gist.github.com/4123044

Very nice. Here is a generic script for taking a databag file and encrypting it https://gist.github.com/kcd83/6227767

Please sign in to comment on this gist.

Something went wrong with that request. Please try again.