Working with data bags

There are a number of things you can do with data bags.

Securing your data bags

Data bags are just JSON data, but they are stored in the system as plain text, without any security. They are also downloaded onto various hosts throughout the life cycle, which can leak potentially sensitive information. Fortunately, Chef provides a way to secure this data: knife, together with a secret key, keeps the data in data bags encrypted.

Secret keys

Encrypting a data bag item requires a secret key; one way of generating a secret key is to generate a random number and use the Base64 encoding of that number as the secret key. This should have any line endings removed to ensure it works properly on all platforms, regardless ...
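The key-generation step described above, as an added shell example that is not from the book: it reads random bytes, Base64-encodes them, strips line endings, and checks the result before the key is used. The function names, the 512-byte default, `/dev/urandom` as the randomness source, and the output path are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the book). Function names, the 512-byte default
# and the use of /dev/urandom are assumptions made for illustration.

# Succeeds only if the file is non-empty and contains no CR or LF bytes.
secret_is_clean() {
    f="$1"
    [ -s "$f" ] || return 1
    total=$(wc -c < "$f" | tr -d ' ')
    stripped=$(tr -d '\r\n' < "$f" | wc -c | tr -d ' ')
    [ "$total" -eq "$stripped" ]
}

# generate_secret OUTFILE [BYTES]
# Writes the Base64 encoding of BYTES random bytes to OUTFILE as one line
# with no line endings, readable only by the owner.
generate_secret() {
    out="$1"
    bytes="${2:-512}"
    [ -n "$out" ] || return 2
    (
        # Tighten the umask first so the key is never world-readable,
        # not even briefly between creation and chmod.
        umask 077
        head -c "$bytes" /dev/urandom | base64 | tr -d '\r\n' > "$out"
    ) || return 1
    # Covers the case where OUTFILE already existed with looser permissions.
    chmod 600 "$out" || return 1
    # An empty file here means the random source or base64 failed.
    secret_is_clean "$out"
}

# Run only when a path is given, e.g.:
#   sh generate_secret.sh ./encrypted_data_bag_secret
[ "$#" -eq 0 ] || generate_secret "$@"
```

Distribute the resulting file to nodes out of band and keep it out of version control, since anyone holding it can decrypt the data bag items.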
