Note: Please comment the below line in knife.rb file else it will automatically decrypt values
and show when we use "knife data bag show" command
I initially thought knife was not encrypting my values and had to debug ..which took lot of time.
[root@ec2-test .chef]# cat knife.rb | grep secret
#knife[:secret_file] ='/root/encrypted_data_bag_secret'
knife data bag create --secret-file /root/.chef/encrypted_data_bag_secret testbag password
{
"id": "password",
"password": "this is test password key"
}
[root@ec2-test .chef]# knife data bag show testbag password
id: password
password:
cipher: aes-256-cbc
encrypted_data: KMHzeFQwfm0wWeHFymxfJsMo425CP+wlwoZ6xN7waVlgUNOmRrr/+jOtDLIN
s7Xl
iv: TYPYnSqYTcmU8ZWE2sIt4A==
version: 1
Once encrypted if you try to edit the encrypted databag it shows like this
{
"name": "data_bag_item_testbag_password",
"json_class": "Chef::DataBagItem",
"chef_type": "data_bag_item",
"data_bag": "testbag",
"raw_data": {
"id": "password",
"password": {
"encrypted_data": "KMHzeFQwfm0wWeHFymxfJsMo425CP+wlwoZ6xN7waVlgUNOmRrr/+jOtDLIN\ns7Xl\n",
"iv": "TYPYnSqYTcmU8ZWE2sIt4A==\n",
"version": 1,
"cipher": "aes-256-cbc"
}
}
}
To show the decrypted values we can use
[root@ec2-test .chef]# knife data bag show testbag password --secret-file /root/.chef/encrypted_data_bag_secret
id: password
password: this is test password key
---------------------------
Some important commands related to data bags
Generate random secret key
---------------------------
Some important commands related to data bags
Generate random secret key
openssl rand -base64 512 >encrypted_data_bag_secret
Generate random password
date | md5 in mac
date | md5sum in any linux machine