Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Chef 15: Remove support for *writing* encrypted data bags version 1 and 2 #7911
In Chef version 11.6 we introduced encrypted data bag format version 3.
Chef client can read all formats and writes out version 3 by default. Support for writing to version 1 and 2 remains and can be used if the config.rb/knife.rb is set to the older versions. We should remove support for encrypting (not decrypting) version 1 and 2. This would mean that a knife user would only be able to write encrypted data bags that could be read by Chef 11.6 or later.
The downside as far as testing goes it we test the decryption method by first encoding data. We'd lose the specs for reading versions 1 & 2, just like we did with version 0 when we removed that support.