I use below command for creating a new chef vault- knife vault create -A -M client -S 'name:' -J
My question is how can I give access of this chef vault to multiple nodes?
Also, what are the different ways, this access can be granted ? (can be via node names, role names etc). I need to know the commands for the search query
The argument to -S is a Chef search query, which is normally used to select which nodes should be given access. name: is not a valid query, but it's hard to tell if you meant that literally. You can also use the -A flag (which, again, is used incorrectly above) to add individual users or clients by name (I know it says --admins but it works with node names too).
As an infosec practitioner I am also obligated to warn you that use of the -S search query option can be unsafe under certain attack models. Specifically a compromised node can change its own attributes such that the next time someone runs a vault refresh, the node is incorrectly given access. This isn't the worst of all possible security holes but just be aware of it.
Giving access to a vault-item to multiple nodes/clients can be achieved using -C, --clients CLIENTS option, where CLIENTS is the comma-separated list of the clients.
e.g.:
knife vault create <vault> <item> -C "client1,client2,client3,... ,clientN" -J <json_file_for_item>
As per the CHEF-vault reference.
