Here is an example where the Chef key file is stored on a CI server, and each cookbook has a .berkshelf directory that contains a JSON file with the config of which Chef servers to upload to.
Assuming you are using something like Jenkins, TeamCity, or GitLab CI that integrates with your Git server, the following script would be configured to run only on merge to master, or every time a git tag is created.
- rm -f Berksfile.lock
- echo "$LAB_CHEF_KEY" > "/foobar/private-key.pem"
- berks install --config=.berkshelf/foo.json
- berks upload --config=.berkshelf/foo.json
- rm /foobar/private-key.pem
Inside the cookbook, in .berkshelf/foo.json:
{
  "chef": {
    "chef_server_url": "https://chef.example.com/organizations/foobar",
    "client_key": "/foobar/private-key.pem",
    "node_name": "foobar"
  },
  "ssl": {
    "verify": true
  }
}
You can also look into Facebook's Grocery Delivery.
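The CI steps above write the key file with the runner's default umask, and on a runner that stops at the first failing command the final rm never runs when berks fails, leaving the key on disk. A hardened variant follows as an added example that is not part of the original post; it assumes a POSIX shell, and the names with_chef_key, upload_cookbook, KEY_PATH and BERKS_CONFIG are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): hardened form of the CI steps.
# KEY_PATH must match "client_key" in .berkshelf/foo.json.
# with_chef_key, upload_cookbook, KEY_PATH, BERKS_CONFIG are hypothetical names.
KEY_PATH="${KEY_PATH:-/foobar/private-key.pem}"
BERKS_CONFIG="${BERKS_CONFIG:-.berkshelf/foo.json}"

# Write the key from the CI secret variable LAB_CHEF_KEY, run the given
# command, then delete the key no matter how the command ended.
# The ( ) body is a subshell, so umask and traps do not leak to the caller.
with_chef_key() (
    if [ -z "${LAB_CHEF_KEY:-}" ]; then
        echo "LAB_CHEF_KEY is not set" >&2
        exit 2
    fi
    umask 077                          # new file is created as mode 0600
    trap 'rm -f "$KEY_PATH"' EXIT      # cleanup on success and on failure
    trap 'exit 130' INT TERM           # cancelled job: exit, which fires EXIT
    rm -f "$KEY_PATH"                  # drop a stale file with looser perms
    printf '%s\n' "$LAB_CHEF_KEY" > "$KEY_PATH" || exit 3
    "$@"
    status=$?
    exit "$status"
)

# Same berks commands as on the page, run while the key exists.
upload_cookbook() {
    rm -f Berksfile.lock
    with_chef_key sh -c \
        'berks install --config="$1" && berks upload --config="$1"' \
        sh "$BERKS_CONFIG"
}

# Only upload when asked to, e.g. `sh upload.sh upload` from the CI job.
if [ "${1:-}" = "upload" ]; then
    upload_cookbook
fi
```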