Situation: I need to pass along s3 creds to the container upon converge in order to pull down binaries for a micro-service. data-bags, and the other options are not desirable for lots of reasons. Env vars would stay with the image - no good.
What I'm doing now is passing in a json file and using a ruby block that will read this in. After converge is complete, the etc/chef/secure volume is unmounted and the image can go live with no credentials buried within. It would be nice, however, if you allowed a file to be dropped into the secure folder that will over-ride attributes automatically.
Situation: I need to pass along s3 creds to the container upon converge in order to pull down binaries for a micro-service. data-bags, and the other options are not desirable for lots of reasons. Env vars would stay with the image - no good.
What I'm doing now is passing in a json file and using a ruby block that will read this in. After converge is complete, the etc/chef/secure volume is unmounted and the image can go live with no credentials buried within. It would be nice, however, if you allowed a file to be dropped into the secure folder that will over-ride attributes automatically.
Thanks Tom