Working with encrypted password in Chef recipe

tsec · September 14, 2018, 5:51pm

Hi Chef experts,

I have a use case in which I need to transfer an encrypted password to perform some tasks. What would be the best practice of handling a case of encrypted string? What would be flashed in my mind is to pre-hash/encrypt my password, store it in a template and transfer it to the node. After that a shell script reads into the encrypted password and decrypt it before using. This sounds like a significant effort doesn't it?

Your advice would be greatly appreciated.

simark · September 14, 2018, 8:28pm

Hi @tsec

What is your goal? Do you want to provide decrypted data on the node or you must provide an encrypted data that must be used by some script?
If it is in scope for you to generate the decrypted data, then use simple encrypted data bags or chef vault

https://docs.chef.io/data_bags.html
https://docs.chef.io/chef_vault.html

Topic		Replies	Views
Chef-Vault examples of encrypting in recipes? Chef Infra (archive)	0	268	January 16, 2014
Encrypted data bags Chef Infra (archive)	5	357	May 21, 2013
Encrypted Databags and Evironment Chef Infra (archive)	2	247	February 24, 2012
Re: Re: Re: Re: Handling of encrypted data bag keys Chef Infra (archive)	6	407	April 12, 2013
Encrypted Data Bags - Preemptive Key Retrieval Chef Infra (archive)	1	382	January 23, 2015

Working with encrypted password in Chef recipe

Related topics