Skip to content

Comments

Adding encrypted data bags support#45

Open
maksar wants to merge 1 commit intofnichol:masterfrom
maksar:master
Open

Adding encrypted data bags support#45
maksar wants to merge 1 commit intofnichol:masterfrom
maksar:master

Conversation

@maksar
Copy link

@maksar maksar commented Aug 3, 2013

By using "data_bag_encrypted" : true it is now possible to use encrypted data bags.

@erithmetic
Copy link

erithmetic commented Sep 25, 2013

+1 on this, I've been using this branch for several months because I like to store developer ssh keys in my user data bags.

@johnbellone
Copy link

johnbellone commented Sep 28, 2013

@fnichol What do you think? +1

@phlipper
Copy link

phlipper commented Oct 7, 2013

👍

4 similar comments
@rgarver
Copy link

rgarver commented Nov 25, 2013

+1

@viyh
Copy link

viyh commented Apr 9, 2014

+1

@j-miyake
Copy link

j-miyake commented Aug 20, 2014

+1

@zenizh
Copy link

zenizh commented Oct 14, 2014

+1

@ranjib
Copy link
Collaborator

ranjib commented Mar 21, 2015

@maksar thanks for the PR and very sorry for getting back so late.
Can we remove the encrypted data bag secret optional (or just nuke it). If dropped in right place, the default should work as it is. We have to explicitly provide it only if we are using secret dropped in some custom location.

theckman
theckman requested changes Nov 7, 2016
View reviewed changes
Copy link
Collaborator

@theckman theckman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there is a lot of value in getting this merged-in to the LWRP. I agree with Ranjib's feedback and would like to see the data_bag_encrption_key attribute removed.

I know this has been outstanding for awhile, so if you aren't able to make these changes please let us know.

recipes/data_bag.rb
name = i.gsub(/[.]/, '-')

u = if node['user']['data_bag_encrypted']
Chef::EncryptedDataBagItem.load(bag, name, node['user']['data_bag_encryption_key'])
Copy link
Collaborator

@theckman theckman Nov 7, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should rely on the key being provided in the client's config and not here. We should remove any references to this attribute:

Chef::EncryptedDataBagItem.lad(bag, name)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@theckman theckman theckman requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

10 participants

@maksar @erithmetic @johnbellone @phlipper @rgarver @viyh @j-miyake @zenizh @ranjib @theckman