6

I have a recipe which copies a secret_key to my node. Actually the file content is logged into my shell. I want to turn that off for this single recipe, because I don't want the file content to be saved into my shell history. I know that it's possible to completely deactivate the logging with the verbose_logging setting in client.rb.

verbose_logging: Set the log level. Options: true, nil, and false. When this is set to false, notifications about individual resources being processed are suppressed (and are output at the :info logging level). Setting this to false can be useful when a chef-client is run as a daemon. Default value: nil.

But is it possible to deactivate the logging only for a single recipe?

coderuby
  • 1,188
  • 1
  • 11
  • 26

1 Answers1

9

There is a common property called sensitive, which will

Ensure that sensitive resource data is not logged by the chef-client. Default value: false. This property only applies to the execute, file and template resources.

template "/etc/my.secret" do
  sensitive true
end
StephenKing
  • 36,187
  • 11
  • 83
  • 112
  • Thank you! That is exactly what I was looking for! – coderuby Nov 13 '15 at 20:59
  • 1
    As a warning, this only applies to execute resources in Chef 12. 11 and earlier will still show the command and output. – coderanger Nov 14 '15 at 20:58
  • Only _execute_ or (_execute, file and template_) as mentioned in the docs? Interesting to read that this does not work in Chef 11 (the property exists but it does nothing?). – StephenKing Nov 14 '15 at 22:09