Skip to content

klarna/cookbook-secretfiles

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits

recipes

recipes

 
 

CHANGELOG.md

CHANGELOG.md

 
 

LICENSE.txt

LICENSE.txt

 
 

README.md

README.md

 
 

metadata.rb

metadata.rb

 
 

Repository files navigation

Secretfiles Cookbook

Cookbook for decrypting and storing decrypted content in file system.

Generic where data bag, secret file path, items and notification is set in attributes for a node. In the encrypted data bag a list of files can be specified with their respective path, content, owner, group and mode.

Usage

Just include secretfiles in your node's run_list:

{
  "name":"my_node",
  "default_attributes": {
    "secretfiles": {
      "non-important_unique_name": {
        "data_bag": "data_bag name",
        "items": ["item in data_bag"],
        "secret-file": "path for secret file on target",
        "notifies": ["restart", "subscriber", "delayed"]
      },
      "service-nginx-ssl": {
        "data_bag": "service-nginx",
        "items": ["ssl-certs"],
        "secret-file": "/etc/chef/secrets/service-nginx.pem",
        "notifies": ["restart", "service[nginx]"]
      }
    }
  },
  "run_list": [
    "recipe[secretfiles]"
  ]
}

Encrypted data bag example:

{
  "id": "ssl-certs",
  "secretfiles": [
    {
      "path": "/etc/pki/nginx/cert.pem",
      "content": "Content base64 encoded",
      "owner": "nginx",
      "group": "nginx",
      "mode": "0660"
    },
    {
      "path": "/etc/pki/nginx/cert.crt",
      "content": "Content base64 encoded",
      "owner": "nginx",
      "group": "nginx",
      "mode": "0660"
    }
  ]
}

License and Authors

Authors: Carl Loa Odin carlodin@gmail.com

About

Generic way of handling encrypted files

Resources

Readme

License

View license
Activity
Custom properties

Stars

1 star

Watchers

8 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Ruby 100.0%