Is there any possibility to secure private passwords and certs with chef?
I know that chef has encrypted data bags, but every client needs a key for
opening the data bags. So I have to copy the key as a file on all nodes.
So I had a key in the filesystem of all nodes which can access all
important passwords in my environment. That's not as secure as I'd like.
So I'd like to write a TCPClient which runs on all nodes and a TCPServer
which runs on a dedicated server. The clients have to authenticate with an
individual hash and the server sends each node only the passwords which
the client node needs. Now I have the problem of storing the password
information the node gets from the server, because I don't want to save it
in a file.
Is there a possibility to store the passwords only in the RAM for the
runtime of chef-client, so that they will be dropped afterwards?
On 12.05.14 19:22, “Bryan McLellan” wrote at firstname.lastname@example.org:
On Mon, May 12, 2014 at 9:44 AM, email@example.com wrote:
But my question is: is it possible to run chef-client passing json
attributes as json runtime parameters without creating attributes in a
Why I am asking is, if we want to pass a single attribute we need to
create a json file and need to pass that just for a single attribute. So only asking
there any option in that for running a chef client override attributes
No, you cannot pass JSON on the command line. CHEF-1918 represents the
I think this was originally the design because it would be a bit of a
complicated syntax to type and quote, so it wouldn’t be easy to use,
and making another syntax, e.g. foo=bar, baz[faz][jaz]=stuff, would
also be complicated and probably limiting.
Is the attribute value that you’re trying to pass changing often? Is
it something you could dynamically configure from other information?
If it’s something only a human could provide that always goes into the
same attribute, maybe read it out of an environment variable in a
recipe and run like this:
MY_VALUE=bob chef-client -r recipe[my_thing]
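
The environment-variable approach suggested above, sketched as an added example that is not part of the original thread or of Chef itself: a plain-Ruby helper a recipe could call to pull secrets out of the environment into an in-memory hash. The module and method names are hypothetical; the `store` argument stands in for something like Chef's `node.run_state`, which holds data only for the duration of one run.

```ruby
# Added example; RunOnlySecret and its methods are hypothetical names.
module RunOnlySecret
  class MissingSecret < StandardError; end

  # Read one secret from the environment and delete the variable, so that
  # processes spawned later in the run do not inherit it.
  # `env` defaults to the real ENV; a Hash can be passed for testing.
  def self.take(name, env = ENV)
    value = env[name]
    raise MissingSecret, "#{name} is not set" if value.nil? || value.empty?
    env.delete(name)
    value.dup.freeze
  end

  # Move several secrets into `store`, a Hash that lives only in this
  # process. Nothing is written to disk or to node attributes.
  def self.load_into(store, names, env = ENV)
    names.each { |n| store[n] = take(n, env) }
    store
  end

  # Mask every stored secret in a string before it is logged.
  def self.redact(text, store)
    store.values.reduce(text) { |out, s| out.gsub(s, '[REDACTED]') }
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input, mirroring `MY_VALUE=bob chef-client ...`
  sample_env = { 'MY_VALUE' => 'bob', 'PATH' => '/usr/bin' }
  secrets = RunOnlySecret.load_into({}, ['MY_VALUE'], sample_env)
  puts RunOnlySecret.redact('connecting as bob', secrets)
  puts sample_env.key?('MY_VALUE') # variable is gone for child processes
end
```

Deleting the variable only stops later child processes from inheriting it; the value still exists in the memory of the running process until it exits.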