Downloading chef vault file using recipe

akajain · November 7, 2017, 5:27am

I have a chef vault item storing a private key which I have created using

knife vault create keys private --file user.pem

I can query this using

knife vaullt show keys private

In one of my recipe I want to download this file on the client. I saw this method to load the vault items but this would not download the file as is.

vault_item = ChefVault::Item.load(vaultname, itemname)

How can I download user.pem in a specified location on my node? Basically I am looking for recipe equivalent of knife vault download VAULT ITEM command on workstation. Should I load it in a variable and then write in a file using a ruby library but not sure if that is a good way to handle .pem files. I also have .crt file which I have to store and download from vault.

coderanger · November 7, 2017, 8:14pm

As I mentioned to you on StackOverflow, you can read the file data under the file-content key in the resulting item. And then use a file resource in your recipe code to write it to disk.

Topic		Replies	Views
Chef-Vault examples of encrypting in recipes? Chef Infra (archive)	0	266	January 16, 2014
Chef Vault Item not encrypted with your public key, on node Chef Infra (archive)	6	3606	April 8, 2022
How to encrypt and upload chef Vault keys Chef Infra (archive)	5	1432	February 22, 2017
Knife vault create works, but getting Chef::EncryptedDataBagItem::DecryptionFailure Chef Infra (archive)	2	789	June 15, 2020
Chef-zero Convergence issue using encrypted data bags & hashicorp vault Chef Infra (archive)	2	964	March 15, 2016

Downloading chef vault file using recipe

Related topics