Working with encrypted password in Chef recipe


#1

Hi Chef experts,

I have a use case in which I need to transfer an encrypted password to perform some tasks. What would be the best practice of handling a case of encrypted string? What would be flashed in my mind is to pre-hash/encrypt my password, store it in a template and transfer it to the node. After that a shell script reads into the encrypted password and decrypt it before using. This sounds like a significant effort doesn't it?

Your advice would be greatly appreciated.


#2

Hi @tsec

What is your goal? Do you want to provide decrypted data on the node or you must provide an encrypted data that must be used by some script?
If it is in scope for you to generate the decrypted data, then use simple encrypted data bags or chef vault

https://docs.chef.io/data_bags.html
https://docs.chef.io/chef_vault.html