Can anybody tell me how I can get the chef-vault shared secret used to encrypt data in encrypted data bags?
As far as I understand, I can see the secret keys, encrypted by the public key of the admin and/or clients, by issuing the following command: knife data bag show $VAULT ${ITEM}_keys
So theoretically I can do something like this:
- Copy the encrypted data, for example for admin users
- openssl enc -in /root/encrypted_data -out /root/encrypted_data.binary -d -a
- openssl rsautl -decrypt -in /root/encrypted_data.binary -out /root/plaintext -inkey admin.pem
- base64 /root/plaintext > /root/plaintext.base64
But unfortunately something is wrong with this workflow, since I can decrypt the data bag using the /root/plaintext.base64 file by issuing the following command:
knife data bag show $VAULT $ITEM --secret-file /root/plaintext.base64
Any ideas?
Thanks in advance.
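
The steps above as a self-contained round trip, added here as an example and not part of the original post: it wraps a constructed 32-byte secret to a throwaway RSA key, runs the decode and decrypt steps, and checks which output file holds the same bytes that were wrapped. It assumes the _keys entry is base64 over an RSA encryption with the default PKCS#1 v1.5 padding, as the post's commands imply, and uses openssl pkeyutl in place of openssl rsautl, which OpenSSL 3.0 deprecates.

```shell
#!/bin/sh
# Constructed data only: a throwaway RSA key and a random 32-byte secret.
set -eu

# Throwaway key pair standing in for admin.pem.
make_key() {  # $1 = work dir
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/admin.pem" 2>/dev/null
    openssl pkey -in "$1/admin.pem" -pubout -out "$1/admin.pub"
}

# Assumed wrapping: RSA-encrypt the secret to the public key, then base64.
wrap_secret() {
    openssl pkeyutl -encrypt -pubin -inkey "$1/admin.pub" -in "$1/secret" |
        openssl enc -a -out "$1/encrypted_data"
}

# Steps 2 and 3 of the post: base64-decode, then RSA-decrypt.
unwrap_secret() {
    openssl enc -d -a -in "$1/encrypted_data" -out "$1/encrypted_data.binary"
    openssl pkeyutl -decrypt -inkey "$1/admin.pem" \
        -in "$1/encrypted_data.binary" -out "$1/plaintext"
}

# Step 4 of the post: base64-encode the decrypted bytes.
reencode() { base64 "$1/plaintext" > "$1/plaintext.base64"; }

# Print "same" or "different" for two files, compared byte for byte.
same() { if cmp -s "$1" "$2"; then echo same; else echo different; fi; }

run_demo() {
    dir=$(mktemp -d)
    make_key "$dir"
    openssl rand -out "$dir/secret" 32
    wrap_secret "$dir"
    unwrap_secret "$dir"
    reencode "$dir"
    echo "plaintext        vs wrapped secret: $(same "$dir/secret" "$dir/plaintext")"
    echo "plaintext.base64 vs wrapped secret: $(same "$dir/secret" "$dir/plaintext.base64")"
    rm -rf "$dir"
}

run_demo
```

The check only shows what each step does to the bytes: the decrypt step already returns exactly what was wrapped, and the final base64 step produces a different file. Which of the two forms knife expects in --secret-file is not established by this example.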