Chef Vault without knife


#1

Is it possible to use chef-vault without having to use the knife command?
My systems come up, and run the chef-client automatically.

Thanks,
Doug


#2

Is it possible to have a more detailed explanation on what your problem is?

As is I can't tell what you try to do...

On 5 June 2015 at 19:31, Douglas Garstang <doug.garstang@gmail.com> wrote:

Is it possible to use chef-vault without having to use the knife command? My systems come up, and run the chef-client automatically.

Thanks,

Doug


#3

I’m trying to find a generic, scalable way, to install an SSL private key
onto an EC2 instance.

Doug.

On Fri, Jun 5, 2015 at 12:20 PM, Tensibai Zhaoying tensibai@iabis.net
wrote:

Is it possible to have a more detailed explanation on what your problem is?

As is I can’t tell what you try to do…
On 5 June 2015 at 19:31, Douglas Garstang doug.garstang@gmail.com wrote:

Is it possible to use chef-vault without having to use the knife command?
My systems come up, and run the chef-client automatically.

Thanks,
Doug


Regards,

Douglas Garstang
http://www.linkedin.com/in/garstang
Email: doug.garstang@gmail.com
Cell: +1-805-340-5627


#4

And what is the problem having a vault which stores the key and getting it in the recipe just following the Chef-vault README?

chef_gem "chef-vault"
require 'chef-vault'
cert = ChefVault::Item.load('vault', 'item')['cert entry']

Try to expose where you're stuck if you want help, we can't do divination tricks to guess...

On 5 June 2015 at 21:47, Douglas Garstang <doug.garstang@gmail.com> wrote:

I'm trying to find a generic, scalable way, to install an SSL private key onto an EC2 instance.

Doug.

On Fri, Jun 5, 2015 at 12:20 PM, Tensibai Zhaoying <tensibai@iabis.net> wrote:

Is it possible to have a more detailed explanation on what your problem is?

As is I can't tell what you try to do...

On 5 June 2015 at 19:31, Douglas Garstang <doug.garstang@gmail.com> wrote:

Is it possible to use chef-vault without having to use the knife command? My systems come up, and run the chef-client automatically.

Thanks,

Doug

Regards,

Douglas Garstang

http://www.linkedin.com/in/garstang

Email: doug.garstang@gmail.com

Cell: +1-805-340-5627


#5

The documentation for chef vault at https://github.com/Nordstrom/chef-vault
seems to suggest that you need to pass client_key_path, which has the
private key to decrypt the vault item, when loading the item from chef
vault. Since the file also needs to go into the cookbook and therefore also
revision control, I’m not understanding the benefit of chef vault. What am
I missing?

Kevin, this is for HTTP certs, so I gotta have the private key on the
box.

Doug.

On Fri, Jun 5, 2015 at 2:19 PM, Tensibai Zhaoying tensibai@iabis.net
wrote:

And what is the problem having a vault which stores the key and getting it
in the recipe just following the Chef-vault README?

chef_gem "chef-vault"
require 'chef-vault'
cert = ChefVault::Item.load('vault', 'item')['cert entry']

Try to expose where you’re stuck if you want help, we can’t do divination
tricks to guess…
On 5 June 2015 at 21:47, Douglas Garstang doug.garstang@gmail.com wrote:

I’m trying to find a generic, scalable way, to install an SSL private key
onto an EC2 instance.

Doug.

On Fri, Jun 5, 2015 at 12:20 PM, Tensibai Zhaoying tensibai@iabis.net
wrote:

Is it possible to have a more detailed explanation on what your problem is?

As is I can’t tell what you try to do…
On 5 June 2015 at 19:31, Douglas Garstang doug.garstang@gmail.com wrote:

Is it possible to use chef-vault without having to use the knife command?
My systems come up, and run the chef-client automatically.

Thanks,
Doug


Regards,

Douglas Garstang
http://www.linkedin.com/in/garstang
Email: doug.garstang@gmail.com
Cell: +1-805-340-5627


Regards,

Douglas Garstang
http://www.linkedin.com/in/garstang
Email: doug.garstang@gmail.com
Cell: +1-805-340-5627


#6

See ‘Manage a user password’ in this clearly written blog post.

http://jtimberman.housepub.org/blog/2013/09/10/managing-secrets-with-chef-vault/

I believe that may be the clearest illustration of how to use chef-vault in a cookbook recipe.


#7

You should read the titles of the paragraphs before stepping to conclusions.

You're talking about the example on how to impersonate as another node.

The paragraph "Usage in Recipe" -> "example" is the one I copied in my previous answer (from memory, so there's a little difference).

You should really give it a try and state your problem completely. This list has many people not working for chef, and even if we're happy to help, questions without a sign of effort in self-research like this are not likely to get helpful answers.

This will be my last message on this thread as I've tried to give you clues and you're still coming back with statements not showing any interest in learning.

I try to stay helpful and friendly but this came to a point where I don't wish to waste time anymore. I hope you'll understand for future communications.

On 6 June 2015 at 16:43, Douglas Garstang <doug.garstang@gmail.com> wrote:

The documentation for chef vault at https://github.com/Nordstrom/chef-vault seems to suggest that you need to pass client_key_path, which has the private key to decrypt the vault item, when loading the item from chef vault. Since the file also needs to go into the cookbook and therefore also revision control, I'm not understanding the benefit of chef vault. What am I missing?

Kevin, this is for HTTP certs, so I gotta have the private key on the box.

Doug.

On Fri, Jun 5, 2015 at 2:19 PM, Tensibai Zhaoying <tensibai@iabis.net> wrote:

And what is the problem having a vault which stores the key and getting it in the recipe just following the Chef-vault README?

chef_gem "chef-vault"
require 'chef-vault'
cert = ChefVault::Item.load('vault', 'item')['cert entry']

Try to expose where you're stuck if you want help, we can't do divination tricks to guess...

On 5 June 2015 at 21:47, Douglas Garstang <doug.garstang@gmail.com> wrote:

I'm trying to find a generic, scalable way, to install an SSL private key onto an EC2 instance.

Doug.

On Fri, Jun 5, 2015 at 12:20 PM, Tensibai Zhaoying <tensibai@iabis.net> wrote:

Is it possible to have a more detailed explanation on what your problem is?

As is I can't tell what you try to do...

On 5 June 2015 at 19:31, Douglas Garstang <doug.garstang@gmail.com> wrote:

Is it possible to use chef-vault without having to use the knife command? My systems come up, and run the chef-client automatically.

Thanks,

Doug

Regards,

Douglas Garstang

http://www.linkedin.com/in/garstang

Email: doug.garstang@gmail.com

Cell: +1-805-340-5627

Regards,

Douglas Garstang

http://www.linkedin.com/in/garstang

Email: doug.garstang@gmail.com

Cell: +1-805-340-5627


#8

Mark,

When creating an item, that document uses:

--search 'role:base' \

His description of that is “The --search option tells chef-vault to
use the public keys of the nodes matching the SOLR query for
encrypting the value”.

I’m not really sure what this means or how to apply it to my specific situation.

Doug

On Sat, Jun 6, 2015 at 9:32 AM, Mark Ayers mark@philoserf.com wrote:

See ‘Manage a user password’ in this clearly written blog post.

http://jtimberman.housepub.org/blog/2013/09/10/managing-secrets-with-chef-vault/

I believe that may be the clearest illustration of how to use chef-vault in a
cookbook recipe.


Regards,

Douglas Garstang
http://www.linkedin.com/in/garstang
Email: doug.garstang@gmail.com
Cell: +1-805-340-5627
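
Added example, not part of any post above and not chef-vault's own code: a simplified Ruby model of the `--search 'role:base'` behaviour quoted in the last message. The item is encrypted once with a random shared secret, that secret is wrapped with the public key of every node the search matches, and each node unwraps it with the client key it already holds, so no private key has to live in the cookbook. Node names, roles, the helper names `vault_create`/`vault_load` and the use of AES-GCM are assumptions made for illustration.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Constructed stand-ins for Chef clients. Each node holds its own private key
# (on a real node, the client key chef-client already authenticates with);
# the server side only ever needs the public halves.
NODE_KEYS   = %w[web1 web2 db1].to_h { |n| [n, OpenSSL::PKey::RSA.new(2048)] }
PUBLIC_KEYS = NODE_KEYS.transform_values(&:public_key)
ROLES       = { 'web1' => 'base', 'web2' => 'base', 'db1' => 'other' } # constructed

# Hypothetical helper: what creating an item with a role search amounts to.
# Returns the encrypted item and a map of node name => wrapped shared secret.
def vault_create(secret_hash, role)
  shared = OpenSSL::Random.random_bytes(32)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = shared
  iv = cipher.random_iv
  data = cipher.update(JSON.generate(secret_hash)) + cipher.final
  item = { iv: iv, tag: cipher.auth_tag, data: data }
  matched = ROLES.select { |_, r| r == role }.keys
  keys = matched.to_h { |node|
    [node, Base64.strict_encode64(PUBLIC_KEYS[node].public_encrypt(shared))]
  }
  [item, keys]
end

# Hypothetical helper: what a node does at converge time with its own key.
def vault_load(item, keys, node, private_key)
  wrapped = keys[node]
  raise ArgumentError, "#{node} is not a client of this vault item" unless wrapped
  shared = private_key.private_decrypt(Base64.strict_decode64(wrapped))
  decipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  decipher.key = shared
  decipher.iv = item[:iv]
  decipher.auth_tag = item[:tag]
  JSON.parse(decipher.update(item[:data]) + decipher.final)
end

if __FILE__ == $PROGRAM_NAME
  item, keys = vault_create({ 'key' => 'constructed-private-key-pem' }, 'base')
  puts "clients: #{keys.keys.join(', ')}"
  puts vault_load(item, keys, 'web1', NODE_KEYS['web1'])['key']
end
```

A node that was not matched by the search when the item was created (here `db1`) has no wrapped copy of the shared secret, which is why a newly launched instance cannot read the item until the item is re-encrypted to include it.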