schubergphilis / vagrant-chef-zero

Vagrant Plugin for Chef Zero
Apache License 2.0

Where can I put the path to encrypted data_bag secret? #65

Closed trekr5 closed 8 years ago

trekr5 commented 9 years ago

Hi,

Is there provision to add the path to encrypted_data_bag_secret into the Vagrantfile using chef zero?

I'd like to test decryption of encrypted data bags using vagrant and chef zero.

Thanks!

miguelaferreira commented 9 years ago

I set it like this: Vagrantfile:

  ...
      config.chef_zero.enabled      = true
      config.chef_zero.cookbooks    = 'test/fixtures/cookbooks'
      config.chef_zero.data_bags    = 'test/fixtures/data_bags'
      config.chef_zero.environments = 'test/fixtures/environments'

      config.vm.provision 'chef_client' do |chef|
        chef.log_level  = 'info'

        chef.custom_config_path                 = 'Vagrantfile.chef'
        chef.encrypted_data_bag_secret_key_path = 'test/fixtures/encrypted_data_bag_secret'
        chef.environment                        = 'dev'

        chef.run_list = options['run_list']

        # You may also specify custom JSON attributes:
        chef.json = {  }
      end
  ...

trekr5 commented 9 years ago

Hi,

Are you using the encrypted data bag secret that comes with a Chef server? If so, the path is typically C:/chef/encrypted_data_bag_secret. If not, then I would suggest you generate your own private key, place this in your Vagrantfile and use it to decrypt/encrypt data bags.

Your Vagrantfile should read:

  env_config.vm.provision :chef_solo do |chef|
    chef.log_level = :debug
    chef.data_bags_path = 'data_bags'
    chef.environments_path = 'environments'
    chef.encrypted_data_bag_secret_key_path = 'C:/tmp/vagrant-chef-2/encrypted_data_bag_secret'
    chef.environment = 'dev'
    chef.run_list = [
      "recipe[core::local_users]"
    ]
  end

On 24 March 2015 at 09:31, Miguel Ferreira notifications@github.com wrote:

I set it like this: Vagrantfile:

  config.chef_zero.enabled      = true
  config.chef_zero.cookbook     = 'test/fixtures/cookbooks'
  config.chef_zero.data_bags    = 'test/fixtures/data_bags'
  config.chef_zero.environments = 'test/fixtures/environments'

  config.vm.provision 'chef_client' do |chef|
    chef.log_level  = 'info'

    chef.custom_config_path                 = 'Vagrantfile.chef'
    chef.encrypted_data_bag_secret_key_path = 'test/fixtures/encrypted_data_bag_secret'
    chef.file_cache_path                    = 'c:/var/chef/cache'
    chef.environment                        = 'dev'

    chef.run_list = options['run_list']

    # You may also specify custom JSON attributes:
    chef.json = {  }
  end


miguelaferreira commented 9 years ago

The value I set in chef.encrypted_data_bag_secret_key_path = 'test/fixtures/encrypted_data_bag_secret' is a path on the host (my laptop), not on the guest (the Vagrant-managed VM). This way Vagrant knows where to find the file on my host and move it to the guest VM. On the guest VM it does indeed land in the directory you mention.
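
The host-versus-guest distinction in the comment above can be checked before provisioning starts. The Ruby helper below is an added example, not code from this thread or from vagrant-chef-zero; `resolve_host_secret` and `write_test_secret` are hypothetical names, and the permission check assumes a POSIX host.

```ruby
require 'fileutils'
require 'securerandom'

# Hypothetical helper, not part of Vagrant or vagrant-chef-zero.
# Resolves the secret path on the HOST (relative to the Vagrantfile directory)
# and fails early if the file is missing, empty, or accessible to other users.
# A guest-side path such as C:/chef/encrypted_data_bag_secret will normally
# fail the "not found on host" check, which is the mistake this guards against.
def resolve_host_secret(relative_path, base_dir)
  path = File.expand_path(relative_path, base_dir)
  raise ArgumentError, "secret not found on host: #{path}" unless File.file?(path)
  raise ArgumentError, "secret is empty: #{path}" if File.zero?(path)

  mode = File.stat(path).mode & 0o777
  # Assumption: POSIX permission bits; the check is skipped on Windows hosts.
  if !Gem.win_platform? && (mode & 0o077) != 0
    raise ArgumentError, format('secret mode %o is too open: %s', mode, path)
  end
  path
end

# Writes a throwaway secret for test fixtures only (never a production key).
def write_test_secret(path)
  FileUtils.mkdir_p(File.dirname(path))
  File.open(path, 'w', 0o600) { |f| f.write(SecureRandom.base64(512)) }
  File.chmod(0o600, path) # enforce the mode even if the file already existed
  path
end

# Usage inside the provisioner block of a Vagrantfile:
#   chef.encrypted_data_bag_secret_key_path =
#     resolve_host_secret('test/fixtures/encrypted_data_bag_secret', __dir__)
```

Keeping a generated fixture secret separate from any real Chef server secret means the test data bags can be committed and decrypted in the VM without exposing production material.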

miguelaferreira commented 9 years ago

@trekr5 any update on this issue? Or can I close it?