Instantly share code, notes, and snippets.

Embed
What would you like to do?
Creating local encrypted data bags
require 'rubygems'
require 'chef/encrypted_data_bag_item'
secret = Chef::EncryptedDataBagItem.load_secret('data_bag_key')
data = {"id" => "mysql", "root" => "some secret password"}
encrypted_data = Chef::EncryptedDataBagItem.encrypt_data_bag_item(data, secret)
FileUtils.mkpath('data_bags/passwords')
File.open('data_bags/passwords/mysql.json', 'w') do |f|
f.print encrypted_data.to_json
end
@freegenie

This comment has been minimized.

freegenie commented Jul 14, 2012

I'm using a variant of this, seems like the encrypted string is keeping the \n newline char at the end like this:

{"mysql"=>"7ovab42KoH1NhdwIu1YpLl1nBnxK+CLl30L45wpKlOE=\n"}

@matschaffer

This comment has been minimized.

Owner

matschaffer commented Jul 14, 2012

It looks like base64 encoding so whitespace shouldn't pose a problem. Are you seeing an error?

@freegenie

This comment has been minimized.

freegenie commented Jul 15, 2012

yes, sorry, it works fine.

@aaronjensen

This comment has been minimized.

aaronjensen commented Nov 21, 2012

Here's a script that can be used to edit an encrypted databag in place. It makes some assumptions about paths but those are adjustable: https://gist.github.com/4123044

@kcd83

This comment has been minimized.

kcd83 commented Aug 14, 2013

Very nice. Here is a generic script for taking a databag file and encrypting it https://gist.github.com/kcd83/6227767

@burnettk

This comment has been minimized.

burnettk commented Nov 25, 2015

knife can now do this using the "from file" argument and the --local-mode (-z) flag. see https://docs.chef.io/knife_data_bag.html#from-file

@okram999

This comment has been minimized.

okram999 commented Dec 11, 2015

Adding to @burnettk -- this is the specific command

$ knife data bag from file my_data_bag /path/to/data_bag_item.json -z --secret-file /path/to/encrypted_data_bag_secret

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment