Uploading the databag secrets while bootstraping

okram999 · May 30, 2016, 5:25pm

I know this was possible, but just can’t recall the easy way to do it. I am trying to get the encrypted databag secrets uploaded to the nodes while bootstrapping or before bootstrapping at ‘/etc/chef/encrypted_data_bag_secret’.

For the time being i am using something like:

knife bootstrap ec2-server -E dev -r chef-client::service,my-cookbook -x centos -N ec2-server --sudo

nclemons · May 30, 2016, 5:42pm

–secret-file SECRET_FILE A file containing the secret key to use to encrypt data bag item values. Can also be defaulted in your config with the key ‘secret_file’

Nathan Clemons
DevOps Engineer
Moxie Cloud Services (MCS)

O +1.425.467.5075
M +1.360.861.6291
E nclemons@gomoxie.com
W www.gomoxie.com http://www.gomoxie.com/

okram999 · May 30, 2016, 7:11pm

huhh … how did i missed it!! Thanks!

Topic		Replies	Views
Using encrypted data bags in cookbooks? Chef Infra (archive)	9	354	January 22, 2015
Databag Encryption Chef Infra (archive)	6	513	July 11, 2018
Suggested patch to chef to enable passing the data bag secret to a node, bypassing storage on the server Chef Infra (archive)	0	300	November 7, 2011
Auto copy encrypted_data_bag_secret on the node not working Chef Infra (archive)	1	642	January 29, 2013
Populating encrypted_data_bag_secret? Chef Infra (archive)	2	419	December 28, 2011

Uploading the databag secrets while bootstraping

Related topics