Skip to content

cyberark/summon-chefapi

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

summon-chefapi

For many, Chef encrypted data bags are difficult to work with. This Summon provider allows you to use Summon + secrets.yml to improve your development workflow with encrypted data bags.

Example

Create an encrypted data bag with a PostgreSQL password.

$ knife data bag create passwords postgres --secret-file encrypted_data_bag_secret
{
    "id": "postgres",
    "value": "mysecretpassword"
}

Install Summon and this provider.

Create a secrets.yml file.

POSTGRES_PASSWORD: !var passwords/postgres/value

Now you can inject the password into any process as an environment variable. Instead of dealing with the Data Bag API in your Chef recipe, you can just use ENV['POSTGRES_PASSWORD'].

$ summon chef-client --once

Once chef-client finishes, the password is gone, not left on your system.

Install

  1. Install the latest release of Summon.
  2. Download the latest release of this provider and extract it to /usr/local/lib/summon/.

If you have more than one provider installed, select this one with summon -p summon-chefapi ....

Configure

Configuration of this provider is through environment variables:

  • CHEF_NODE_NAME: The name of the node. (node_name in knife.rb)
  • CHEF_CLIENT_KEY_PATH: The location of the file that contains the client key. (client_key in knife.rb)
  • CHEF_SERVER_URL: The URL for the Chef server. (chef_server_url in knife.rb)
  • CHEF_DECRYPTION_KEY_PATH: The location of the file that contains the decryption key.
  • CHEF_SKIP_SSL: Skip SSL verification (for self-signed certs). Set to "1" to activate.

Contributing

We welcome contributions of all kinds to this repository. For instructions on how to get started and descriptions of our development workflows, please see our contributing guide.