How to encrypt and upload chef Vault keys

sunilkumar · February 20, 2017, 1:30pm

Hi Folks,

       Firstly I am new to chef-vault.How can i create and upload keys to chef-server.Tell me the command.

FYI,

Username : testuser
Password : mypassword
Vault name : keys

  Now tell me how can i encrypt and upload username and password to chef-server.

Error Logs:
PS C:\chef-repo\cookbooks\example_win> knife vault create amdkey '{“keypair”: “sunil”}'
ERROR: URI::InvalidURIError: bad URI(is not URI?): https://api.chef.io/organizations/sunil-kumar/data/amdkey/{keypair: s
unil}_keys

Thanks,
Sunil.

goudeuk · February 21, 2017, 10:34am

Do you mean how to generate the “knife-config” and “.pem” files?

sunilkumar · February 21, 2017, 10:49am

No Goudeuk, We use data bags for secret key management.The same way how can i use chef-vault?

joerg.herzinger · February 21, 2017, 12:51pm

I am not really sure what you mean or want, but there is a nice page with example commands for vault and documentation about what each of them does here: https://github.com/chef/chef-vault/blob/master/KNIFE_EXAMPLES.md
The README of the vault project also has some nice information about usage: https://github.com/chef/chef-vault

sunilkumar · February 22, 2017, 2:14pm

While running cookbook with chef-vault I'm getting this error.

FYI,
knife vault create user_password sunil --json ./sunil_password.json ':'
knife data bag from file user_password user_password/sunil.json
knife data bag from file user_password user_password/sunil_keys.json
Chef User name :sunil_chef

Correct me where i'm running command wrong?

Thanks,
Sunil

joerg.herzinger · February 22, 2017, 2:28pm

Data Bags and Vaults are different things. You have to either create and upload a vault OR a data bag. I don't know where your file user_password/sunil_keys.json and user_password/sunil.json are from, but the general steps for you are:

Make sure your knife.rb contains knife[:vault_mode] = 'client'
Create a JSON with the contents you want in the Vault (probably this is user_password/sunil.json)
Delete the DataBag you currently have with knife data bag delete user_password
Create the vault passing your admin user, the node name that should have access and the json. Something like knife vault create user_password sunil -C "<list of nodes that should have access here>" -A "sunil_chef" --file user_password/sunil.json

Topic		Replies	Views
Chef-Vault examples of encrypting in recipes? Chef Infra (archive)	0	233	January 16, 2014
Chef Vault Item not encrypted with your public key, on node Chef Infra (archive)	6	3427	April 8, 2022
Knife vault create works, but getting Chef::EncryptedDataBagItem::DecryptionFailure Chef Infra (archive)	2	747	June 15, 2020
Downloading chef vault file using recipe Chef Infra (archive)	1	641	November 7, 2017
Backup secrets when using chef-vault Chef Infra (archive)	0	334	December 6, 2013

How to encrypt and upload chef Vault keys

Related Topics