Last active

Creating local encrypted data bags

  • Download Gist
1 2 3 4 5 6 7 8 9 10 11
require 'rubygems'
require 'chef/encrypted_data_bag_item'
secret = Chef::EncryptedDataBagItem.load_secret('data_bag_key')
data = {"id" => "mysql", "root" => "some secret password"}
encrypted_data = Chef::EncryptedDataBagItem.encrypt_data_bag_item(data, secret)
FileUtils.mkpath('data_bags/passwords')'data_bags/passwords/mysql.json', 'w') do |f|
f.print encrypted_data.to_json

I'm using a variant of this, seems like the encrypted string is keeping the \n newline char at the end like this:


It looks like base64 encoding so whitespace shouldn't pose a problem. Are you seeing an error?

yes, sorry, it works fine.

Here's a script that can be used to edit an encrypted databag in place. It makes some assumptions about paths but those are adjustable:

Very nice. Here is a generic script for taking a databag file and encrypting it

Please sign in to comment on this gist.

Something went wrong with that request. Please try again.