Issue with encrypted data bags


#1

I am having an issue with encrypted data bags with chef 11.4.4 and vagrant 1.2.2.

I was able to successfully create, show encrypted and decrypted data bags with no issue via knife.

But once I dropped it into a recipe it threw me an error.

Here is the portion of the recipe that does not error.

secret = Chef::EncryptedDataBagItem.load_secret("#{node[:production][:secretpath]}") - This spits back the contents of the /etc/chef/encrypted_data_bag_secret

When I add the below it throws an error
pass_keys = Chef::EncryptedDataBagItem.load(“production”, “passwords”, secret)

[2013-06-18T18:43:48+00:00] FATAL: Chef::Exceptions::ValidationFailed: Data Bag Items must contain a Hash or Mash!

Not sure why I am getting this issue.

Any help would be good.

Thanks!


#2

When you use a secret file you don’t need secret in the EncryptedDataBagItem.load call. Here is an example

data_bag = EncryptedDataBagItem.load(“bag_name”, “item_name”)

content = data_bag[“item1”]

Let me know if this is unclear.

Nic

On June 18, 2013 at 2:44:22 PM, Russ Lavoy (ussray_00@yahoo.com) wrote:

I am having an issue with encrypted data bags with chef 11.4.4 and vagrant 1.2.2.

I was able to successfully create, show encrypted and decrypted data bags with no issue via knife.

But once I dropped it into a recipe it threw me an error.

Here is the portion of the recipe that does not error.

secret = Chef::EncryptedDataBagItem.load_secret("#{node[:production][:secretpath]}") - This spits back the contents of the /etc/chef/encrypted_data_bag_secret

When I add the below it throws an error
pass_keys = Chef::EncryptedDataBagItem.load(“production”, “passwords”, secret)

[2013-06-18T18:43:48+00:00] FATAL: Chef::Exceptions::ValidationFailed: Data Bag Items must contain a Hash or Mash!

Not sure why I am getting this issue.

Any help would be good.

Thanks!


#3

I have also tried that as well. It still comes back with the same error.

Russ


From: Nic Grayson nic.grayson@banno.com
To: Russ Lavoy ussray_00@yahoo.com; "chef@lists.opscode.com" chef@lists.opscode.com
Sent: Tuesday, June 18, 2013 3:13 PM
Subject: [chef] Re: Issue with encrypted data bags

When you use a secret file you don’t need secret in the EncryptedDataBagItem.load call. Here is an example

data_bag = EncryptedDataBagItem.load(“bag_name”, “item_name”)

content = data_bag[“item1”]

Let me know if this is unclear.

Nic

On June 18, 2013 at 2:44:22 PM, Russ Lavoy (ussray_00@yahoo.com) wrote:
I am having an issue with encrypted data bags with chef 11.4.4 and vagrant 1.2.2.

I was able to successfully create, show encrypted and decrypted data bags with no issue via knife.

But once I dropped it into a recipe it threw me an error.

Here is the portion of the recipe that does not error.

secret = Chef::EncryptedDataBagItem.load_secret("#{node[:production][:secretpath]}") - This spits back the contents of the /etc/chef/encrypted_data_bag_secret

When I add the below it throws an error
pass_keys = Chef::EncryptedDataBagItem.load(“production”, “passwords”, secret)

[2013-06-18T18:43:48+00:00] FATAL: Chef::Exceptions::ValidationFailed: Data Bag Items must contain a Hash or Mash!

Not sure why I am getting this issue.

Any help would be good.

Thanks!


#4

On June 18, 2013 at 2:44:22 PM, Russ Lavoy (ussray_00@yahoo.com (mailto:ussray_00@yahoo.com)) wrote:

I am having an issue with encrypted data bags with chef 11.4.4 and vagrant 1.2.2.

I was able to successfully create, show encrypted and decrypted data bags with no issue via knife.

But once I dropped it into a recipe it threw me an error.

Here is the portion of the recipe that does not error.

secret = Chef::EncryptedDataBagItem.load_secret("#{node[:production][:secretpath]}") - This spits back the contents of the /etc/chef/encrypted_data_bag_secret

When I add the below it throws an error
pass_keys = Chef::EncryptedDataBagItem.load(“production”, “passwords”, secret)

[2013-06-18T18:43:48+00:00] FATAL: Chef::Exceptions::ValidationFailed: Data Bag Items must contain a Hash or Mash!

Not sure why I am getting this issue.

Any help would be good.

Thanks!

A few questions:

  • How’d you upload the data bag item to the server? (Specific knife command)
  • What version of Chef client is running?

    Daniel DeLeo

#5

My chef client on vagrant is:

chef-client -v
Chef: 10.14.2

My knife command was:
knife data bag create production passwords --secret-file /etc/chef/encrypted_data_bag_secret

Thanks,


From: Daniel DeLeo dan@kallistec.com
To: Russ Lavoy ussray_00@yahoo.com
Cc: "chef@lists.opscode.com" chef@lists.opscode.com
Sent: Tuesday, June 18, 2013 3:22 PM
Subject: Re: [chef] Re: Re: Issue with encrypted data bags

On June 18, 2013 at 2:44:22 PM, Russ Lavoy (ussray_00@yahoo.com) wrote:
I am having an issue with encrypted data bags with chef 11.4.4 and vagrant 1.2.2.

I was able to successfully create, show encrypted and decrypted data bags with no issue via knife.

But once I dropped it into a recipe it threw me an error.

Here is the portion of the recipe that does not error.

secret = Chef::EncryptedDataBagItem.load_secret("#{node[:production][:secretpath]}") - This spits back the contents of the /etc/chef/encrypted_data_bag_secret

When I add the below it throws an error
pass_keys = Chef::EncryptedDataBagItem.load(“production”, “passwords”, secret)

[2013-06-18T18:43:48+00:00] FATAL: Chef::Exceptions::ValidationFailed: Data Bag Items must contain a Hash or Mash!

Not sure why I am getting this issue.

Any help would be good.

Thanks!

A few questions:

  • How’d you upload the data bag item to the server? (Specific knife command)
  • What version of Chef client is running?

    Daniel DeLeo

#6

I just upgraded the client on the vagrant system…

chef-client -v
Chef: 11.4.4

Still have the same issue.

Thanks


From: Russ Lavoy ussray_00@yahoo.com
To: Daniel DeLeo dan@kallistec.com
Cc: "chef@lists.opscode.com" chef@lists.opscode.com
Sent: Tuesday, June 18, 2013 3:29 PM
Subject: [chef] Re: Re: Re: Issue with encrypted data bags

My chef client on vagrant is:

chef-client -v
Chef: 10.14.2

My knife command was:
knife data bag create production passwords --secret-file /etc/chef/encrypted_data_bag_secret

Thanks,


From: Daniel DeLeo dan@kallistec.com
To: Russ Lavoy ussray_00@yahoo.com
Cc: "chef@lists.opscode.com" chef@lists.opscode.com
Sent: Tuesday, June 18, 2013 3:22 PM
Subject: Re: [chef] Re: Re: Issue with encrypted data bags

On June 18, 2013 at 2:44:22 PM, Russ Lavoy (ussray_00@yahoo.com) wrote:
I am having an issue with encrypted data bags with chef 11.4.4 and vagrant 1.2.2.

I was able to successfully create, show encrypted and decrypted data bags with no issue via knife.

But once I dropped it into a recipe it threw me an error.

Here is the portion of the recipe that does not error.

secret = Chef::EncryptedDataBagItem.load_secret("#{node[:production][:secretpath]}") - This spits back the contents of the /etc/chef/encrypted_data_bag_secret

When I add the below it throws an error
pass_keys = Chef::EncryptedDataBagItem.load(“production”, “passwords”, secret)

[2013-06-18T18:43:48+00:00] FATAL: Chef::Exceptions::ValidationFailed: Data Bag Items must contain a Hash or Mash!

Not sure why I am getting this issue.

Any help would be good.

Thanks!

A few questions:

  • How’d you upload the data bag item to the server? (Specific knife command)
  • What version of Chef client is running?

    Daniel DeLeo

#7

Hi Russ,

If it’s trivial for you to do so, could you try downgrading the guest to
chef-client 11.4.0 and trying your run in that environment?

I developed this whole big fancy RunDeck cookbook with self-provisioning
data bags (encrypted + plaintext) against Chef 11.4.0 nodes and it broke
with almost the same error once I started testing it in Chef 11.4.4 /
10.26.0…

(There were other changes I had to make in order to get it to play nice in
that org, but if you’re doing something similar, perhaps it’s not my
overly-ambitious code that is buggy? :smiley: )

On Tue, Jun 18, 2013 at 1:32 PM, Russ Lavoy ussray_00@yahoo.com wrote:

I just upgraded the client on the vagrant system…

chef-client -v
Chef: 11.4.4

Still have the same issue.

Thanks


From: Russ Lavoy ussray_00@yahoo.com
To: Daniel DeLeo dan@kallistec.com
Cc: "chef@lists.opscode.com" chef@lists.opscode.com
Sent: Tuesday, June 18, 2013 3:29 PM
Subject: [chef] Re: Re: Re: Issue with encrypted data bags

My chef client on vagrant is:

chef-client -v
Chef: 10.14.2

My knife command was:
knife data bag create production passwords --secret-file
/etc/chef/encrypted_data_bag_secret

Thanks,


From: Daniel DeLeo dan@kallistec.com
To: Russ Lavoy ussray_00@yahoo.com
Cc: "chef@lists.opscode.com" chef@lists.opscode.com
Sent: Tuesday, June 18, 2013 3:22 PM
Subject: Re: [chef] Re: Re: Issue with encrypted data bags

On June 18, 2013 at 2:44:22 PM, Russ Lavoy (ussray_00@yahoo.com) wrote:

I am having an issue with encrypted data bags with chef 11.4.4 and vagrant
1.2.2.

I was able to successfully create, show encrypted and decrypted data bags
with no issue via knife.

But once I dropped it into a recipe it threw me an error.

Here is the portion of the recipe that does not error.

secret =
Chef::EncryptedDataBagItem.load_secret("#{node[:production][:secretpath]}")

  • This spits back the contents of the /etc/chef/encrypted_data_bag_secret

When I add the below it throws an error
pass_keys = Chef::EncryptedDataBagItem.load(“production”, “passwords”,
secret)

[2013-06-18T18:43:48+00:00] FATAL: Chef::Exceptions::ValidationFailed: Data Bag Items must contain a Hash or Mash!

Not sure why I am getting this issue.

Any help would be good.

Thanks!

A few questions:

  • How’d you upload the data bag item to the server? (Specific knife
    command)
  • What version of Chef client is running?

    Daniel DeLeo