Is there any way using chefdk to create encrypted databags directly to .json files instead of needing to use knife create / knife edit / knife show to create them on a chef server and then dump them to a local file?
I know that my team wrote a custom knife plugin for this purpose… I’ll
look at whether we can contribute it back to the community. IMHO this
should be the default… We’ve got a pipeline with a lot of validations
before databag changes hit our production chef server.
knife data bag from file might help .
Coderanger mentioned in IRC that you can do it with knife -z. I’ll have to give that a shot tomorrow.
Thanks folks.
Nathan Clemons
DevOps Engineer
Moxie Cloud Services (MCS)
O +1.425.467.5075
M +1.360.861.6291
We wrote a simple knife plugin to do this (includes creating, editing and
key-rotating databags locally for committing into a git repo to be uploaded
by an automated process later):
knife solo data bag has been my goto tool for this:
I don’t use chef-solo, but the knife plugin is great for just managing encrypting data bags. Hope it helps!