Closed ARentz07 closed 5 years ago
I just came across this in an old cookbook that we don't use anymore, but could maybe integrate this code into this cookbook
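```ruby
# Land AWS access key/secret as a rundeck secure password.
ruby_block 'land_keys' do
  block do
    require 'net/http'

    # Rundeck API on this node; the auth token and secrets travel over plain HTTP here.
    uri = URI.parse("http://#{node['fqdn']}:4440")
    http = Net::HTTP.new(uri.host, uri.port)
    %w(key secret).each do |file|
      # Create aws/key and aws/secret in Rundeck key storage as password entries.
      request = Net::HTTP::Post.new("/api/11/storage/keys/aws/#{file}")
      request.add_field('X-Rundeck-Auth-Token', '***token***')
      request.add_field('Content-type', 'application/x-rundeck-data-password')
      # Values come from citadel; the request body must be a String.
      request.body = citadel["run_deck_secret/#{file}"].to_s
      response = http.request(request)
      # Surface failures instead of silently discarding the response.
      unless response.is_a?(Net::HTTPSuccess)
        Chef::Log.warn("Rundeck key storage POST for aws/#{file} returned HTTP #{response.code}")
      end
    end
  end
  action :run
end
```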
Closing due to inactivity.
If this is still an issue please reopen or open another issue. Alternatively drop by the #sous-chefs channel on the Chef Community Slack and we'll be happy to help!
Thanks, Sous-Chefs
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Overview
In order to aid consumers in setting up Rundeck and disaster recovery scenarios, we should support adding key storage entries through the chef-client run.
Design Considerations
Key storage may be in a remote database or on the local filesystem. Thus, we should be attempting to leverage the abstractions Rundeck has in place to interact with keys - the CLI and/or the REST API.
We would likely want to represent these via encrypted data bag items, which should have the following attributes:
We might also add a LWRP for a 'key' with similar attributes.
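
One way to add key storage entries through the REST API so that repeated chef-client runs converge, as an added example (not code from this issue or from the cookbook). `RundeckKeyStorage`, `ensure_password` and `StubHttp` are hypothetical names, the path, secret and token values are constructed, and it assumes the key storage API answers 404 to a GET for a missing key, creates with POST and updates with PUT.

```ruby
require 'net/http'

# Hypothetical helper (not part of the cookbook): ensure a password entry
# exists in Rundeck key storage. `http` is any object with Net::HTTP#request.
module RundeckKeyStorage
  API_BASE = '/api/11/storage/keys'.freeze
  PASSWORD_TYPE = 'application/x-rundeck-data-password'.freeze
  # Assumed API semantics: lookup status => [write verb, outcome].
  WRITE_FOR = { 404 => [Net::HTTP::Post, :created],
                200 => [Net::HTTP::Put, :updated] }.freeze

  def self.build(verb, path, token, body = nil)
    request = verb.new("#{API_BASE}/#{path}")
    request['X-Rundeck-Auth-Token'] = token
    request['Accept'] = 'application/json'
    unless body.nil?
      request['Content-Type'] = PASSWORD_TYPE
      request.body = body
    end
    request
  end

  # Returns :created or :updated. Stored passwords cannot be read back for
  # comparison, so an existing entry is overwritten. Errors never echo the secret.
  def self.ensure_password(http, path, secret, token)
    lookup = http.request(build(Net::HTTP::Get, path, token))
    verb, outcome = WRITE_FOR.fetch(lookup.code.to_i) do
      raise "lookup of #{path} failed: HTTP #{lookup.code}"
    end
    response = http.request(build(verb, path, token, secret))
    return outcome if (200..299).cover?(response.code.to_i)
    raise "storing #{path} failed: HTTP #{response.code}"
  end
end

# Constructed stand-in for Net::HTTP so the example runs offline.
StubResponse = Struct.new(:code)
class StubHttp
  attr_reader :seen
  def initialize(codes)
    @codes = codes.dup
    @seen = []
  end

  def request(req)
    @seen << req
    StubResponse.new(@codes.shift)
  end
end

demo = StubHttp.new(%w[404 201]) # key absent, then the create succeeds
puts RundeckKeyStorage.ensure_password(demo, 'aws/key', 'constructed-secret', 'constructed-token')
```

Inside a recipe the call would sit in a resource marked `sensitive true`, with the secret taken from the encrypted data bag item rather than a literal.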