Chef-vault issues behind firewall

I am just trying to prototype chef-vault databag encryption and following

My environment is behind a firewall with no internet access.

When I run my recipe I get the following errors:

retrying fetcher due to error (2/4); Bundler::HTTPError could not fetch specs from

Googling it tells me to set up a proxy for that URL, which I don't want to do. Are there any other workarounds? I did download the chef-vault-3.4.3.gem file and, using cookbook_file and chef_gem, was able to install it, but as soon as I add depends 'chef-vault' in the cookbook's metadata.rb the error comes back...


So the gem is installed in the node you are testing on? Can you provide details on your recipe and the error output? One thing you should definitely consider is running a private gems repository in your network. You can run Geminabox fairly easily and will only need to punch a hole for that to you will have to point your chef clients to it as their gems source. I have the same restrictions and it is the way that I have it set up.

Thanks for the response,

The only recipe in the cookbook has 2 lines displaying plain text (hopefully) values from the vault. The line in metadata.rb depends 'chef-vault' causes it to set up gem chef-vault and everything goes downhill from there..

I guess I will have to look into the geminabox solution. Will follow and see how far I can go.. unless there is some other option..

Thanks again



In reality we need chef-vault cookbook to install chef-vault.gem on the node and then use vault helper methods, right?

If I have a node which has chef-vault.gem already installed, I can get away with all geminabox and opening my firewall, only thing I will be missing is helper methods like chef_vault_item

To access the vault from the node, can I not use knife vault commands from my recipe? I noticed that knife is already installed on the node (not sure how and when), so can I not use it from the recipe?

Appreciate any comments?


I ended up copying the chef-vault-xxx.gem file using cookbook_file and then running chef_gem 'chef-vault' to install the gem using source 'file://'

after that

require 'chef-vault'
vault = ChefVault::Item.load("vaultname", "itemname")
mysecret = vault['xxx']

this works.
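
Added example, not part of the original posts: because the gem is installed from a file vendored into the cookbook rather than fetched from a gems source, one check that fits this workaround is to pin the file's SHA-256 and refuse to hand the path to chef_gem if it does not match. The names verified_gem_path, VENDORED_GEM_PINS and GemPinError, the placeholder digest, and the placement in the cookbook's libraries/ directory are assumptions made for illustration.

```ruby
require 'digest'

# Pins for gem files vendored under the cookbook's files/ directory.
# The digest is a placeholder (assumption): replace it with the value
# recorded when the .gem was downloaded on a trusted, connected machine.
VENDORED_GEM_PINS = {
  'chef-vault-3.4.3.gem' => 'REPLACE_WITH_RECORDED_SHA256'
}.freeze

class GemPinError < StandardError; end

# Returns +path+ only when the file name has a pin and the file's SHA-256
# matches it. Fails closed on an unpinned name, a missing file or a mismatch.
def verified_gem_path(path, pins = VENDORED_GEM_PINS)
  name = File.basename(path)
  pinned = pins[name]
  raise GemPinError, "no pinned digest for #{name}" if pinned.nil?
  raise GemPinError, "#{path} does not exist" unless File.file?(path)

  actual = Digest::SHA256.file(path).hexdigest
  unless actual == pinned.downcase
    raise GemPinError, "#{name}: expected #{pinned}, got #{actual}"
  end
  path
end

# Use from the recipe (Chef DSL, shown as comments because it needs
# chef-client; assumes this file sits in the cookbook's libraries/ directory):
#
#   gem_file = File.join(Chef::Config[:file_cache_path], 'chef-vault-3.4.3.gem')
#   cookbook_file(gem_file) { source 'chef-vault-3.4.3.gem' }.run_action(:create)
#   checked = verified_gem_path(gem_file)   # raises before anything is installed
#   chef_gem 'chef-vault' do
#     source checked
#     compile_time true
#   end
#   require 'chef-vault'
```

With the placeholder digest left in place the check always raises, so the run stops until a real recorded value is pinned.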


I'll get back to you on this when I check my setup again. It's been a while since I have done this so I will double check, but I think it has something to do with the way my vault cookbook is set up.