How do you keeping SSL Certs out of your chef server?


#1

I really don’t want to keep my SSL certs in data bags or cookbooks in my chef repo, but I still need chef-client to be able to get at them when I build out a new web server.

Has anyone found a nice way to solve this?


http://josephholsten.com


#2

On Feb 27, 2012, at 8:25 PM, Joseph Anthony Pasquale Holsten wrote:

I really don’t want to keep my SSL certs in data bags or cookbooks in my chef repo, but I still need chef-client to be able to get at them when I build out a new web server.

Has anyone found a nice way to solve this?

We use encrypted data bags, following the example demonstrated by Joshua Timberman in some of his blog posts.

If anyone know of a better solution, please let me know.


Brad Knowles bknowles@ihiji.com
SAGE Level IV, Chef Level 0.0.1