Questions tagged [chef-vault]

Gem that allows you to encrypt a Chef Data Bag Item using the public keys of a list of chef nodes.

About

Chef Vault is an alternative tool for managing secrets with Chef. It was originally developed as an open source project by Nordstrom and was transferred to Chef in 2015. Unlike encrypted data bags, it does not require all users and pieces of infrastructure to share a single key.

20 questions
2
votes
1 answer

How to add node to list of clients that can access a data bag on a Chef Server?

I want/need one of my nodes to access a data bag on my chef server. The purpose is to get a decrypted SSH key so I can clone from a private repo. I've been trying many variations of knife vault update data_bag item -A 'name-of-node' But I do not…
WhyAyala
2
votes
2 answers

Chef Vault with Test-Kitchen, Vagrant and Chef-Zero provisioner

I have an environment set up with Test-Kitchen v1.5.0, Vagrant v1.8.1. I have a recipe that uses chef vault to decrypt our encrypted passwords that are in our data_bags_path/passwords/pilot.json file. I am using the solution here…
tjmair
2
votes
0 answers

Chef-vault - not creating vaults with create command, but creating simple data bags

I am trying to create a chef-vault to store some password using below command: knife vault create revrecsecrets revrecpass -A "revrec-validator,node1,node2,node3" -J data_bags/revrecpass.json -M client Where revrecpass.json contains: {…
kumarprd
1
vote
1 answer

Cannot stub chef-vault data with unencrypted data bags for Kitchen Test

Chef Development Kit Version: 2.4.17 chef-client version: 13.6.4 delivery version: master (73ebb72a6c42b3d2ff5370c476be800fee7e5427) berks version: 6.3.1 kitchen version: 1.19.2 inspec version: 1.45.13 I am trying to test my chef-vault…
1
vote
1 answer

Chef-vault with Users cookbook (users_manage resource)

I intend to encrypt "users" databag with chef-vault and use the same with chef provided "users" cookbook. "users_manage" resource provided by "users" cookbook accepts one of the attributes as "databag" (with username, group_id and search_group…
Haris Farooqui
1
vote
1 answer

Chef node cannot load data bag item because public key encryption issues

I have a new VM I just built. It has been bootstrapped with the same cookbooks as all the other nodes. They can load this data bag just fine. The new VM cannot. Stacktrace error :: /usr/bin/chef-client:57:in `load' /usr/bin/chef-client:57:in…
0
votes
1 answer

Is it necessary to refresh the chef vault every time we regenerate keys?

I am admin of a chef vault. I have regenerated my key recently. Now when I try to access the secrets it shows error saying unable to decrypt the secrets and I need to get the vault refresh done by an admin. I checked with another administrator but…
Moni
0
votes
1 answer

How to create chef databags with chef-vault

I want to create a databag with credentials of servers which need to be encrypted. Do I need to create chef-vault first?
0
votes
1 answer

Getting JSON error while generating chef-vault

I am trying to generate a chef-vault in windows workstation and getting below error every time ERROR: JSON::ParserError: {username: root, password: mypassword} is not valid JSON! $PS C:\Users\09242766> knife vault create passwords root…
0
votes
1 answer

knife vault refresh command cannot search query

I tried to refresh the vault with the knife vault refresh command, but an invalid search query error occurred. How do I fix it? $ knife vault create devvault vaultitem --file private.key -M client $ knife vault show devvault vaultitem -M…
azusa.t
0
votes
2 answers

Vagrant Provision fails at installing Ruby Gem chef-vault

As the new intern, I'm supposed to get one of our applications running on my local machine (OS X). It's a large set of files to run the application and it uses frameworks that I am not familiar with such as vagrant and chef. I was told that it…
Alec Hayden
0
votes
1 answer

Refresh chef-vault from a chef provisioner node (using node object)

Is it possible to add a node object as an ADMIN to chef-vault? I was able to add it, but when I tried to refresh the vault item using the node [nithin-desktop.nithinsworld.com] pem key it failed saying Response: missing update permission $ knife…
nithin sunny
0
votes
1 answer

Chef vault adding nodes

I would like to add nodes to a certain vault before creating them, for example: All vagrant machines that I provision with vagrant up that have the pattern vagrant-dev-* could access the chef vault secrets. If I try to do this, I've got a warning that…
Lechucico
0
votes
2 answers

Chef : how to give access of a vault for multiple servers

I use the below command for creating a new chef vault: knife vault create -A -M client -S 'name:' -J My question is how can I give access of this chef vault to multiple nodes? Also, what are the different ways this access can be granted? (can be…
user6378152
0
votes
1 answer

How can I spin up test chef-server to test chef-automate using chef

I have a scenario where I want to setup chef-automate using chef. In order to test chef-automate I need chef-server. I was able to do it on local machine, installing chef-server and chef-automate. In order to do that I need automate.license which I…
Snehit Gajjar