Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding encrypted data bags support #45

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Adding encrypted data bags support #45

wants to merge 1 commit into from

Conversation

maksar
Copy link

@maksar maksar commented Aug 3, 2013

By using "data_bag_encrypted" : true it is now possible to use encrypted data bags.

@erithmetic
Copy link

+1 on this, I've been using this branch for several months because I like to store developer ssh keys in my user data bags.

@johnbellone
Copy link

@fnichol What do you think? +1

@phlipper
Copy link

phlipper commented Oct 7, 2013

👍

4 similar comments
@rgarver
Copy link

rgarver commented Nov 25, 2013

+1

@viyh
Copy link

viyh commented Apr 9, 2014

+1

@j-miyake
Copy link

+1

@zenizh
Copy link

zenizh commented Oct 14, 2014

+1

@ranjib
Copy link
Collaborator

ranjib commented Mar 21, 2015

@maksar thanks for the PR and very sorry for getting back so late.
Can we remove the encrypted data bag secret optional (or just nuke it). If dropped in right place, the default should work as it is. We have to explicitly provide it only if we are using secret dropped in some custom location.

theckman
theckman requested changes Nov 7, 2016
View reviewed changes
Copy link
Collaborator

@theckman theckman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there is a lot of value in getting this merged-in to the LWRP. I agree with Ranjib's feedback and would like to see the data_bag_encrption_key attribute removed.

I know this has been outstanding for awhile, so if you aren't able to make these changes please let us know.

recipes/data_bag.rb
name = i.gsub(/[.]/, '-')

u = if node['user']['data_bag_encrypted']
Chef::EncryptedDataBagItem.load(bag, name, node['user']['data_bag_encryption_key'])
Copy link
Collaborator

@theckman theckman Nov 7, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should rely on the key being provided in the client's config and not here. We should remove any references to this attribute:

Chef::EncryptedDataBagItem.lad(bag, name)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@theckman theckman theckman requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
10 participants
@maksar @erithmetic @johnbellone @phlipper @rgarver @viyh @j-miyake @zenizh @ranjib @theckman