[RFE] Please add encrypted_data_bag_secret to client.rb.tmpl in cc_chef
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
cloud-init | Fix Released | Wishlist | Eric Williams | |
Bug Description
This is a request to add support for the client configuration option "encrypted_
Use Case:
Enable cloud-init to manage Chef deployments where encrypted data bags are in use. The path to the secrets can be configured with cloud-init, while the secrets files themselves can be supplied via an external facility (e.g., Barbican, Vault).
Example:
# cloud-init
chef:
  install_type: "packages"
  server_url: https:/
  environment: dev
  validation_name: dev-validator
  validation_cert: dev-validator.pem
  run_list: role[db]
  encrypted_
=>
# /etc/chef/client.rb
log_level :info
log_location "/var/log/
ssl_verify_mode :verify_none
validation_
validation_key "/etc/chef/
client_key "/etc/chef/
chef_server_url "https:/
environment "dev"
node_name "5a2f89c3-
json_attribs "/etc/chef/
file_cache_path "/var/cache/chef"
file_backup_path "/var/backups/chef"
pid_file "/var/run/
Chef::Log:
encrypted_
Thanks,
Eric
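The use case in the report above leaves the secret file to an external facility, so a pre-run check on the rendered client.rb is useful. The following is an added example, not code from cloud-init or from the report: it assumes the option is written as `encrypted_data_bag_secret "<path>"` (the name given in the title), and the sample file, path and contents are constructed.

```python
import os
import re
import stat
import tempfile

# Matches simple client.rb settings: name "value", name 'value' or name :symbol
SETTING = re.compile(r'^\s*(\w+)\s+(?:"([^"]*)"|\'([^\']*)\'|(:\w+))\s*$')

def parse_client_rb(text):
    """Return {option: value} for simple 'name value' lines in client.rb."""
    settings = {}
    for line in text.splitlines():
        m = SETTING.match(line)
        if m:
            settings[m.group(1)] = m.group(2) or m.group(3) or m.group(4)
    return settings

def audit(text):
    """Return findings about the data bag secret file and TLS verification."""
    cfg = parse_client_rb(text)
    findings = []
    if cfg.get("ssl_verify_mode") == ":verify_none":
        findings.append("ssl_verify_mode is :verify_none")
    path = cfg.get("encrypted_data_bag_secret")
    if path is None:
        findings.append("encrypted_data_bag_secret not set")
    elif not os.path.isfile(path):
        findings.append("secret file missing: " + path)
    else:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077:  # any group/other permission bit set
            findings.append("secret file mode %04o allows group/other access" % mode)
    return findings

def demo():
    """Constructed sample: the same secret file with loose, then tight, mode."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "encrypted_data_bag_secret")  # constructed path
        with open(secret, "w") as f:
            f.write("not-a-real-secret\n")
        os.chmod(secret, 0o644)
        conf = ('log_level :info\nssl_verify_mode :verify_none\n'
                'encrypted_data_bag_secret "%s"\n' % secret)
        loose = audit(conf)
        os.chmod(secret, 0o600)
        tight = audit(conf.replace(":verify_none", ":verify_peer"))
        return loose, tight

if __name__ == "__main__":
    print(demo())
```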
Hi Eric,
Thanks for filing this feature request! Is this something you would be interested in contributing a fix for?
Thanks!
Dan