chef12 encrypted data bags - any changes / benefits against chef11?

Melezhik · February 8, 2016, 3:02pm

Hi chef folks!

I know what chef11 data bags are. I wonder if there are any changes / updates / improvements for data bags in chef12?

To be precise I know as with chef11 one should provide so called encrypted key on a side of node being converged.
We have a hundreds of nodes on our environment and a lot of plain text data bags, moving our data bags to encrypted ones means we have to ensure some how that encrypted key file will be at every node which is very tedious.

I wonder if chef12 help me from necessity of deliver such a file on every node out of hundreds as I said? May be chef12 has more convenient way to ensure that encrypted data bag gets de-cryped on node side?

Thanks in advance.

thommay · February 8, 2016, 6:01pm

There are options that make this better - if you’re not in a cloud environment and have to deal with autoscaling you should check out this blog post on chef-vault.

Melezhik · February 8, 2016, 7:14pm

Hi Thom! Thanks, will look at this then …

Topic		Replies	Views
Encrypted data bag questions Chef Infra (archive)	1	240	June 11, 2013
Re: Re: Re: Re: Handling of encrypted data bag keys Chef Infra (archive)	6	381	April 12, 2013
Data Bag Secret Key Strategy with Chef-Solo Feedback Chef Infra (archive)	0	280	February 13, 2014
Encrypted data bags Chef Infra (archive)	5	318	May 21, 2013
Suggested patch to chef to enable passing the data bag secret to a node, bypassing storage on the server Chef Infra (archive)	0	254	November 7, 2011

chef12 encrypted data bags - any changes / benefits against chef11?

Related Topics