O'Reilly logo

Chef: Powerful Infrastructure Automation by Earl Waud, Matthias Marschall, John Ewart

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Working with data bags

There are a number of things you can do with data bags.

Securing your data bags

Data bags are just JSON data, but they are stored in the system as plain text, without any security. They are also downloaded onto various hosts throughout the life cycle, which can lead to leaking of potentially sensitive information. Fortunately, Chef has a method that lets you secure this data by using knife, along with secret keys to keep data in data bags encrypted.

Secret keys

Encrypting a data bag item requires a secret key; one way of generating a secret key is to generate a random number and use the Base64 encoding of that number as the secret key. This should have any line endings removed to ensure it works properly on all platforms, regardless ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required