Create a gist now

Instantly share code, notes, and snippets.

Creating local encrypted data bags
require 'rubygems'
require 'chef/encrypted_data_bag_item'
secret = Chef::EncryptedDataBagItem.load_secret('data_bag_key')
data = {"id" => "mysql", "root" => "some secret password"}
encrypted_data = Chef::EncryptedDataBagItem.encrypt_data_bag_item(data, secret)
FileUtils.mkpath('data_bags/passwords')'data_bags/passwords/mysql.json', 'w') do |f|
f.print encrypted_data.to_json

I'm using a variant of this, seems like the encrypted string is keeping the \n newline char at the end like this:



It looks like base64 encoding so whitespace shouldn't pose a problem. Are you seeing an error?


yes, sorry, it works fine.


Here's a script that can be used to edit an encrypted databag in place. It makes some assumptions about paths but those are adjustable:


Very nice. Here is a generic script for taking a databag file and encrypting it


knife can now do this using the "from file" argument and the --local-mode (-z) flag. see


Adding to @burnettk -- this is the specific command

$ knife data bag from file my_data_bag /path/to/data_bag_item.json -z --secret-file /path/to/encrypted_data_bag_secret

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment