New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Chef 15: Remove support for *writing* encrypted data bags version 1 and 2 #7911

tas50 opened this Issue Nov 10, 2018 · 0 comments


1 participant

tas50 commented Nov 10, 2018

In Chef version 11.6 we introduced encrypted data bag format version 3.

Chef client can read all formats and writes out version 3 by default. Support for writing to version 1 and 2 remains and can be used if the config.rb/knife.rb is set to the older versions. We should remove support for encrypting (not decrypting) version 1 and 2. This would mean that a knife user would only be able to write encrypted data bags that could be read by Chef 11.6 or later.

The downside as far as testing goes it we test the decryption method by first encoding data. We'd lose the specs for reading versions 1 & 2, just like we did with version 0 when we removed that support.

@tas50 tas50 added this to Undecided in Deprecations for Chef 15 via automation Nov 10, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment