Using encrypted data bag items

Data bags are a great way to store user- and application-specific data. Before long, you'll want to store passwords and private keys in data bags as well. However, you might (and should) be worried about uploading confidential data to a Chef server.

Chef offers encrypted data bag items to enable you to put confidential data into data bags, thus reducing the implied security risk.
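What that protection amounts to, as an added sketch that is not from the book and is not Chef's own implementation: every value is encrypted with a key derived from a shared secret, while the item `id` stays readable. The key derivation, the field names and the sample item are assumptions made for this illustration.

```ruby
require "openssl"
require "base64"
require "json"

# Assumption for this sketch: the AES key is the SHA-256 digest of the shared secret.
def derive_key(secret)
  OpenSSL::Digest::SHA256.digest(secret)
end

# Encrypt every value except "id"; the id stays in plaintext so the item can be looked up.
def encrypt_item(item, secret)
  item.each_with_object({}) do |(key, value), out|
    if key == "id"
      out[key] = value
    else
      cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
      cipher.key = derive_key(secret)
      iv = cipher.random_iv               # fresh IV per value
      cipher.auth_data = ""
      data = cipher.update(JSON.generate("v" => value)) + cipher.final
      out[key] = { "encrypted_data" => Base64.strict_encode64(data),
                   "iv" => Base64.strict_encode64(iv),
                   "auth_tag" => Base64.strict_encode64(cipher.auth_tag) }
    end
  end
end

# Returns the plaintext item, or nil if the secret is wrong or a value was modified.
def decrypt_item(stored, secret)
  stored.each_with_object({}) do |(key, value), out|
    if key == "id"
      out[key] = value
    else
      decipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
      decipher.key = derive_key(secret)
      decipher.iv = Base64.strict_decode64(value["iv"])
      decipher.auth_tag = Base64.strict_decode64(value["auth_tag"])
      decipher.auth_data = ""
      plain = decipher.update(Base64.strict_decode64(value["encrypted_data"])) + decipher.final
      out[key] = JSON.parse(plain)["v"]
    end
  end
rescue OpenSSL::Cipher::CipherError
  nil
end

# Constructed sample item and secret, for illustration only.
ITEM = { "id" => "google", "email" => "ops@example.com", "password" => "constructed-sample-value" }
SECRET = "constructed shared secret"
STORED = encrypt_item(ITEM, SECRET)   # what would be uploaded instead of ITEM
```

Anyone who can read the stored item still sees its `id` and key names, so keep confidential data out of those, and distribute the shared secret to nodes separately from the data bag itself.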

Getting ready

Make sure you have a Chef repository and can access your Chef server.

How to do it...

Let's create and encrypt a data bag item and see how we can use it:

  1. Create a directory for your encrypted data bag:
    mma@laptop:~/chef-repo $ mkdir data_bags/accounts
    
  2. Create a data bag item for a Google account:
    mma@laptop:~/chef-repo $ subl data_bags/accounts/google.json ...
