Test-Kitchen: using chef_solo and passing in data bag secret key?


spe...@vin65.com

Dec 18, 2014, 3:01:04 PM
to testing-...@googlegroups.com
Hey everyone,

I am starting to use Test-Kitchen. All is good, but when I run kitchen converge <name>, Chef fails because one of my recipes is trying to find the secret data bag key and fails to do so.

The key is in <chef-project>/.chef/secret_data_bag_key. How can I get this copied over via Test-Kitchen?

ho...@thewitricks.com

Dec 18, 2014, 3:05:47 PM
to spe...@vin65.com, testing-...@googlegroups.com

In your .kitchen.yml file add this right after the "data_bags_path" line.

encrypted_data_bag_secret_key_path: "<path/to/data_bags/data_bag_secret_key>"

Justin


spe...@vin65.com

Dec 18, 2014, 3:46:12 PM
to testing-...@googlegroups.com, spe...@vin65.com, ho...@thewitricks.com
On Thursday, December 18, 2014 12:05:47 PM UTC-8, ho...@thewitricks.com wrote:
> In your .kitchen.yml file add this right after the "data_bags_path" line.
>
> encrypted_data_bag_secret_key_path: "<path/to/data_bags/data_bag_secret_key>"

Hey Justin,

This is my kitchen.yaml file:

---
driver:
  name: vagrant

provisioner:
  name: chef_solo
  require_chef_omnibus: 11.16.4
  data_bags_path: "./data_bags"
  encrypted_data_bag_secret_key_path: ".chef/secret_data_bag_key"

platforms:
  - name: ubuntu-14.04

suites:
  - name: default
    run_list:
      - role[<SOME ROLE>]
      - recipe[<SOME RECIPE>]
    attributes: { enc_data_bag: { path: ".chef/secret_data_bag_key" } }

The enc_data_bag[:path] attribute is used in my cookbooks so I can load encrypted data bags. However, I get this error:

ERROR: No such file or directory - file not found '/tmp/kichen/secret_data_bag_key'

spe...@vin65.com

Dec 18, 2014, 4:56:20 PM
to testing-...@googlegroups.com, spe...@vin65.com, ho...@thewitricks.com
Hey everyone,

Figured it out. For those that are new to this, see below:

Say you have a secret data bag key for decryption in .chef/secret_data_bag_key. To get this to the server, you can:

data_bags_path: "./data_bags"
encrypted_data_bag_secret_key_path: ".chef/secret_data_bag_key"

The above copies the secret_data_bag_key to a file named encrypted_data_bag_secret under /tmp/kitchen/.

Thus, I could set my data key path that I use in the cookbooks to:

attributes: { enc_data_bag: { path: "/tmp/kitchen/encrypted_data_bag_secret" } }
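
A small check for the mismatch this thread ran into, added here as an example (not code from the thread or from Test Kitchen): it parses a .kitchen.yml and flags suite attributes that still point at the host-side key path instead of the guest-side copy. The /tmp/kitchen/encrypted_data_bag_secret path is the one reported in the post above; lint_kitchen_secret, string_leaves and the sample YAML are hypothetical names and constructed data.

```ruby
require 'yaml'

# Guest-side location reported in the thread; assumes Test Kitchen's root path
# on the guest is /tmp/kitchen.
GUEST_SECRET = '/tmp/kitchen/encrypted_data_bag_secret'

# Hypothetical helper: every string leaf of nested attributes as [key path, value].
def string_leaves(node, trail = [])
  case node
  when Hash then node.flat_map { |k, v| string_leaves(v, trail + [k.to_s]) }
  when Array then node.each_with_index.flat_map { |v, i| string_leaves(v, trail + [i.to_s]) }
  when String then [[trail.join('.'), node]]
  else []
  end
end

# Hypothetical lint: report suite attributes that reference the host-side key
# path (or a file with the same basename) rather than the guest-side copy.
def lint_kitchen_secret(yaml_text, guest_secret = GUEST_SECRET)
  cfg = YAML.safe_load(yaml_text) || {}
  host_path = cfg.dig('provisioner', 'encrypted_data_bag_secret_key_path')
  return ['provisioner.encrypted_data_bag_secret_key_path is not set'] unless host_path

  base = File.basename(host_path)
  (cfg['suites'] || []).flat_map do |suite|
    string_leaves(suite['attributes'] || {}).map do |key, value|
      next if value == guest_secret
      next unless value == host_path || File.basename(value) == base

      "suite #{suite['name']}: #{key} = #{value.inspect}, use #{guest_secret.inspect}"
    end.compact
  end
end

# Constructed sample mirroring the failing configuration from the thread.
BROKEN = <<~YAML
  ---
  provisioner:
    name: chef_solo
    data_bags_path: "./data_bags"
    encrypted_data_bag_secret_key_path: ".chef/secret_data_bag_key"
  suites:
    - name: default
      run_list:
        - recipe[example]
      attributes: { enc_data_bag: { path: ".chef/secret_data_bag_key" } }
YAML
FIXED = BROKEN.sub('path: ".chef/secret_data_bag_key" }', %(path: "#{GUEST_SECRET}" }))

puts lint_kitchen_secret(BROKEN)
puts "fixed config findings: #{lint_kitchen_secret(FIXED).length}"
```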