Locally modifying encrypted databags


#1

Is there any way using chefdk to create encrypted databags directly to .json files instead of needing to use knife create / knife edit / knife show to create them on a chef server and then dump them to a local file?


#2

I know that my team wrote a custom knife plugin for this purpose… I’ll
look at whether we can contribute it back to the community. IMHO this
should be the default… We’ve got a pipeline with a lot of validations
before databag changes hit our production chef server.


#3

knife data bag from file might help .


#4

Coderanger mentioned in IRC that you can do it with knife -z. I’ll have to give that a shot tomorrow.

Thanks folks.

Nathan Clemons

DevOps Engineer

Moxie Cloud Services (MCS)

O +1.425.467.5075

M +1.360.861.6291

E nclemons@gomoxie.com

W www.gomoxie.comhttp://www.gomoxie.com/


#5

We wrote a simple knife plugin to do this (includes creating, editing and
key-rotating databags locally for committing into a git repo to be uploaded
by an automated process later):


#6

knife solo data bag has been my goto tool for this:

I don’t use chef-solo, but the knife plugin is great for just managing encrypting data bags. Hope it helps!