As near as I can tell from the documentation of chef-server-ctl user-create, the command requires a cleartext password as one of its arguments. However, in scripting setup of a Chef server, I’d really like to avoid at all costs including anything like:
chef-server-ctl user-create jsmith John Smith jsmith@foo.com acleartextpasswordinmygitrepo
Is there some alternate solution that exists in Chef, or do I need to choose between manual intervention, some external workaround, or the above ugliness?
You could use OpenSSL and a little bit of bash to get this working (maybe not the most elegant way, but still possible).
This is taken from SuperUser and may be worth some consideration.
Generate a 2048-bit RSA key and store it in key.txt. It may be worth bumping it up to 4096.
openssl genrsa -out key.txt 2048
Encrypt “hello world” using the RSA key in key.txt
echo "hello world" | openssl rsautl -inkey key.txt -encrypt >output.bin
Decrypt the message and output to variable for the script… Would need to be in the bash script you are writing
pass=$(openssl rsautl -inkey key.txt -decrypt < output.bin)
You could then use a shell command with a variable $pass for the password value. The info for the user creation command is found here.
chef-server-ctl user-create foouser Foo User foo.user@foobar.com "$pass" (options)
I have not tested this out, so good luck.
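The approach in the answer above, as an added example that is not part of the original post: it uses `openssl pkeyutl` with OAEP padding in place of `rsautl` (deprecated in OpenSSL 3.0), and the function and file names are assumptions made for this example. Only the public key and the sealed file belong in a repository; the private key has to stay on the Chef server, otherwise the ciphertext protects nothing.

```shell
#!/bin/sh
# Added example: sealed bootstrap password for a Chef server setup script.
# Function names and file names are assumptions made for this example.
set -eu

# One-time, on the Chef server: private key (owner-only) plus its public half.
gen_keypair() {  # gen_keypair <private.pem> <public.pem>
  ( umask 077; openssl genrsa -out "$1" 2048 ) 2>/dev/null
  openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null
}

# Anywhere: encrypt the password read from stdin using only the public key.
seal_password() {  # seal_password <public.pem> <sealed.bin>
  openssl pkeyutl -encrypt -pubin -inkey "$1" \
    -pkeyopt rsa_padding_mode:oaep -out "$2"
}

# On the Chef server: decrypt to stdout so the caller can capture it.
unseal_password() {  # unseal_password <private.pem> <sealed.bin>
  openssl pkeyutl -decrypt -inkey "$1" \
    -pkeyopt rsa_padding_mode:oaep -in "$2"
}

# The user-create call from the answer, fed from the sealed file.
create_chef_user() {  # create_chef_user <private.pem> <sealed.bin>
  pass=$(unseal_password "$1" "$2")
  # Quoted so spaces or glob characters survive; the value is still visible
  # in the process list while chef-server-ctl runs.
  chef-server-ctl user-create foouser Foo User foo.user@foobar.com "$pass"
  unset pass
}

# Round trip on a constructed sample password, in a throwaway directory.
roundtrip_demo() {
  dir=$(mktemp -d)
  gen_keypair "$dir/bootstrap.key" "$dir/bootstrap.pub"
  printf '%s' 'constructed-sample-password' |
    seal_password "$dir/bootstrap.pub" "$dir/pass.bin"
  unseal_password "$dir/bootstrap.key" "$dir/pass.bin"
  rm -rf "$dir"
}

# Run "sh thisfile demo" to print the recovered sample password.
if [ "${1:-}" = "demo" ]; then roundtrip_demo; echo; fi
```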