How to encrypt and upload chef Vault keys


#1

Hi Folks,

Firstly, I am new to chef-vault. How can I create and upload keys to chef-server? Tell me the command.

FYI,

Username : testuser
Password : mypassword
Vault name : keys

Now tell me how I can encrypt and upload the username and password to chef-server.

Error Logs:
PS C:\chef-repo\cookbooks\example_win> knife vault create amdkey '{“keypair”: “sunil”}'
ERROR: URI::InvalidURIError: bad URI(is not URI?): https://api.chef.io/organizations/sunil-kumar/data/amdkey/{keypair: sunil}_keys

Thanks,
Sunil.


#2

Do you mean how to generate the “knife-config” and “.pem” files?


#3

No Goudeuk, we use data bags for secret key management. In the same way, how can I use chef-vault?


#4

I am not really sure what you mean or want, but there is a nice page with example commands for vault and documentation about what each of them does here: https://github.com/chef/chef-vault/blob/master/KNIFE_EXAMPLES.md
The README of the vault project also has some nice information about usage: https://github.com/chef/chef-vault


#5

While running a cookbook with chef-vault, I’m getting this error.

FYI,
knife vault create user_password sunil --json ./sunil_password.json ':'
knife data bag from file user_password user_password/sunil.json
knife data bag from file user_password user_password/sunil_keys.json
Chef user name: sunil_chef

Correct me where I’m running the command wrong.

Thanks,
Sunil


#6

Data Bags and Vaults are different things. You have to either create and upload a vault OR a data bag. I don’t know where your file user_password/sunil_keys.json and user_password/sunil.json are from, but the general steps for you are:

  • Make sure your knife.rb contains knife[:vault_mode] = 'client'
  • Create a JSON with the contents you want in the Vault (probably this is user_password/sunil.json)
  • Delete the DataBag you currently have with knife data bag delete user_password
  • Create the vault passing your admin user, the node name that should have access and the json. Something like knife vault create user_password sunil -C "<list of nodes that should have access here>" -A "sunil_chef" --file user_password/sunil.json
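
The steps in post #6 as a PowerShell sketch. This is an added example, not part of the original posts or of the chef-vault project. It passes the secret with `--json` from a file so no JSON has to survive command-line quoting. The node name, the secret values and the temp-file path are assumptions.

```powershell
# Added example. Values marked "placeholder" or "constructed" are assumptions.
$ErrorActionPreference = 'Stop'

$vault   = 'user_password'      # vault name used in the thread
$item    = 'sunil'              # item name: second positional argument
$admins  = 'sunil_chef'         # Chef user named in the thread
$clients = 'node1.example.com'  # placeholder: node(s) allowed to decrypt

# Build the secret as an object and serialize it to a file.
# In post #1's error the JSON text appears in the URL where the item
# name belongs, and its double quotes are gone.
$secret   = @{ username = 'testuser'; password = 'CHANGE_ME' }  # constructed
$jsonPath = Join-Path $env:TEMP "$item-vault.json"
# ASCII output avoids the byte-order mark that Windows PowerShell 5 adds
# with -Encoding UTF8.
$secret | ConvertTo-Json | Set-Content -Path $jsonPath -Encoding ascii

try {
    # Remove the plain data bag first so the vault can reuse its name.
    # Answer the confirmation prompt; this fails if the bag does not exist.
    knife data bag delete $vault

    # VAULT and ITEM are both positional; the content comes from --json.
    knife vault create $vault $item --json $jsonPath `
        -A $admins -C $clients --mode client
    if ($LASTEXITCODE -ne 0) {
        throw "knife vault create failed with exit code $LASTEXITCODE"
    }

    # Confirm that the admin user can decrypt the new item.
    knife vault show $vault $item --mode client
}
finally {
    # The plaintext JSON is not needed once the vault item exists.
    Remove-Item -Path $jsonPath -Force -ErrorAction SilentlyContinue
}
```

Keep the plaintext JSON out of the chef-repo so it is never committed alongside the cookbooks.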