How to encrypt and upload chef Vault keys

Hi Folks,

       Firstly I am new to chef-vault.How can i create and upload keys to chef-server.Tell me the command.


Username : testuser
Password : mypassword
Vault name : keys

  Now tell me how can i encrypt and upload username and password to chef-server.

Error Logs:
PS C:\chef-repo\cookbooks\example_win> knife vault create amdkey '{“keypair”: “sunil”}'
ERROR: URI::InvalidURIError: bad URI(is not URI?):{keypair: s


Do you mean how to generate the “knife-config” and “.pem” files?

No Goudeuk, We use data bags for secret key management.The same way how can i use chef-vault?

I am not really sure what you mean or want, but there is a nice page with example commands for vault and documentation about what each of them does here:
The README of the vault project also has some nice information about usage:

While running cookbook with chef-vault I'm getting this error.

knife vault create user_password sunil --json ./sunil_password.json ':'
knife data bag from file user_password user_password/sunil.json
knife data bag from file user_password user_password/sunil_keys.json
Chef User name :sunil_chef

Correct me where i'm running command wrong?


Data Bags and Vaults are different things. You have to either create and upload a vault OR a data bag. I don't know where your file user_password/sunil_keys.json and user_password/sunil.json are from, but the general steps for you are:

  • Make sure your knife.rb contains knife[:vault_mode] = 'client'
  • Create a JSON with the contents you want in the Vault (probably this is user_password/sunil.json)
  • Delete the DataBag you currently have with knife data bag delete user_password
  • Create the vault passing your admin user, the node name that should have access and the json. Something like knife vault create user_password sunil -C "<list of nodes that should have access here>" -A "sunil_chef" --file user_password/sunil.json