Skip to content
Create a gist now

Instantly share code, notes, and snippets.

Embed URL


Subversion checkout URL

You can clone with
Download ZIP
Creating local encrypted data bags
require 'rubygems'
require 'chef/encrypted_data_bag_item'
secret = Chef::EncryptedDataBagItem.load_secret('data_bag_key')
data = {"id" => "mysql", "root" => "some secret password"}
encrypted_data = Chef::EncryptedDataBagItem.encrypt_data_bag_item(data, secret)
FileUtils.mkpath('data_bags/passwords')'data_bags/passwords/mysql.json', 'w') do |f|
f.print encrypted_data.to_json

I'm using a variant of this, seems like the encrypted string is keeping the \n newline char at the end like this:



It looks like base64 encoding so whitespace shouldn't pose a problem. Are you seeing an error?


yes, sorry, it works fine.


Here's a script that can be used to edit an encrypted databag in place. It makes some assumptions about paths but those are adjustable:


Very nice. Here is a generic script for taking a databag file and encrypting it


knife can now do this using the "from file" argument and the --local-mode (-z) flag. see

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.