Create a new encrypted data bag
1. Create a secret for the data bag
$ openssl rand -base64 1024 > db_secret_key.txt
2. Make an encrypted data bag:
$ export EDITOR=vim
$ knife data bag create BAG_NAME --secret-file db_secret_key.txt
Created data_bag[BAG_NAME]
3. Create a data bag entry and edit its contents:
$ knife data bag create BAG_NAME ITEM_NAME --secret-file db_secret_key.txt
Data bag BAG_NAME already exists
Created data_bag_item[ITEM_NAME]
4. (optional) Download the data bag as JSON:
$ knife download data_bags/BAG_NAME
5. (optional) Upload the data bag from a JSON file:
$ knife data bag from file BAG_NAME BAG_FILENAME.json
6. (optional) Access data bag from a recipe:
db_secret = Chef::EncryptedDataBagItem.load_secret('/path/to/db_secret_key.txt')
private_key_value = Chef::EncryptedDataBagItem.load('BAG_NAME', 'ITEM_NAME', db_secret)['ITEM_KEY']
### note: ITEM_KEY is often an Environment name
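A pre-upload check for steps 1, 4 and 5, added here as an example (not part of the original post or of Chef itself): it lists the keys of a data bag item whose values are still plaintext and flags a secret file that group or other can access. The envelope field names are an assumption about the JSON knife writes for encrypted values; the helper names and the sample item are constructed.

```ruby
require 'json'

# Assumption: fields present in the envelope knife writes for each encrypted
# value; newer format versions add more fields (for example an HMAC).
ENVELOPE_KEYS = %w[encrypted_data iv version cipher].freeze

# True when a value looks like an encrypted envelope rather than plaintext.
def encrypted_value?(value)
  value.is_a?(Hash) && ENVELOPE_KEYS.all? { |k| value.key?(k) }
end

# Names of the keys in a data bag item that are still in plaintext.
# "id" is never encrypted, so it is skipped.
def plaintext_keys(item)
  item.reject { |key, value| key == 'id' || encrypted_value?(value) }.keys
end

# True when group or other has any access to the secret file.
def secret_file_exposed?(path)
  (File.stat(path).mode & 0o077) != 0
end

# Constructed sample: one encrypted value, one left in plaintext.
SAMPLE_ITEM = JSON.parse(<<~JSON)
  {
    "id": "ITEM_NAME",
    "production": {
      "encrypted_data": "Q09OU1RSVUNURUQ=",
      "iv": "Q09OU1RSVUNURUQ=",
      "version": 1,
      "cipher": "aes-256-cbc"
    },
    "staging": "not-encrypted-example"
  }
JSON

if __FILE__ == $PROGRAM_NAME
  leaked = plaintext_keys(SAMPLE_ITEM)
  puts leaked.empty? ? 'all values encrypted' : "plaintext keys: #{leaked.join(', ')}"
end
```

Run it over the file from step 4 before committing it or uploading it in step 5, since step 5 as written uploads the JSON exactly as it is on disk.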