Using encrypted data bag items
Data bags are a great way to store user- and application-specific data. Before long, you'll want to store passwords and private keys in data bags as well. However, you might (and should) be worried about uploading confidential data to a Chef server.
Chef offers encrypted data bag items to enable you to put confidential data into data bags, thus reducing the implied security risk.
Getting ready
Make sure you have a Chef repository and can access your Chef server.
How to do it…
Let's create and encrypt a data bag item and see how we can use it:
Create a directory for your encrypted data bag:
mma@laptop:~/chef-repo $ mkdir data_bags/accounts
Create a data bag item for a Google account:
mma@laptop:~/chef-repo $ subl data_bags/accounts/google.json
{
  "id": "google",
  "email": "[email protected]",
  "password": "Oh! So secret?"
}
Create the data bag on the Chef server:
mma@laptop:~/chef-repo $ knife data bag create accounts
Created data_bag[accounts]
Upload your data...
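A pre-upload check for the item created above, as an added example that is not code from the book or from Chef: it reports which fields of a data bag item are still plaintext. It relies on the fact that Chef stores each encrypted value as a JSON object carrying the keys encrypted_data, iv, version and cipher, and leaves id in the clear. The function name plaintext_fields and both sample items are constructed for illustration.

```ruby
require "json"

# Keys Chef writes for every encrypted value; later format versions add
# "hmac" or "auth_tag" on top of these four.
ENCRYPTED_KEYS = %w[encrypted_data iv version cipher].freeze

# Returns the names of the fields in a data bag item that are NOT wrapped in
# an encrypted-value envelope. "id" is always stored in the clear, so skip it.
# (plaintext_fields is a hypothetical helper name, not part of Chef.)
def plaintext_fields(item_json)
  item = JSON.parse(item_json)
  raise ArgumentError, "data bag item must be a JSON object" unless item.is_a?(Hash)

  item.reject do |key, value|
    key == "id" || (value.is_a?(Hash) && ENCRYPTED_KEYS.all? { |k| value.key?(k) })
  end.keys
end

# Constructed sample: same shape as the item in this recipe, placeholder values.
PLAIN_ITEM = <<~JSON
  { "id": "google", "email": "user@example.com", "password": "placeholder" }
JSON

# Constructed sample: encrypted layout with placeholder (not real) ciphertext.
ENCRYPTED_ITEM = <<~JSON
  {
    "id": "google",
    "email":    { "encrypted_data": "PLACEHOLDER", "iv": "PLACEHOLDER",
                  "version": 1, "cipher": "aes-256-cbc" },
    "password": { "encrypted_data": "PLACEHOLDER", "iv": "PLACEHOLDER",
                  "version": 1, "cipher": "aes-256-cbc" }
  }
JSON

# Command-line use: pass item files; exits 1 if any field is still plaintext.
if __FILE__ == $PROGRAM_NAME
  failed = false
  ARGV.each do |path|
    fields = plaintext_fields(File.read(path))
    next if fields.empty?

    warn "#{path}: plaintext fields: #{fields.join(', ')}"
    failed = true
  end
  exit 1 if failed
end
```

Pointing the script at data_bags/accounts/google.json as written in the step above flags both email and password, which is the state you do not want to upload or commit.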