This is a request to add support for the client configuration option "encrypted_data_bag_secret" in `chef_client.rb.tmpl` and the `chef` configuration block.
Use Case:
Enable cloud-init to manage Chef deployments where encrypted data bags are in use. The path to the secrets can be configured with cloud-init, while the secrets files themselves can be supplied via an external facility (e.g., Barbican, Vault).
Example:
# cloud-init
chef:
  install_type: "packages"
  server_url: https://api.opscode.com/organizations/myorg
  environment: dev
  validation_name: dev-validator
  validation_cert: dev-validator.pem
  run_list: role[db]
  encrypted_data_bag_secret: /etc/chef/encrypted_data_bag_secret
=>
# /etc/chef/client.rb
log_level :info
log_location "/var/log/chef/client.log"
ssl_verify_mode :verify_none
validation_client_name "dev-validator"
validation_key "/etc/chef/validation.pem"
client_key "/etc/chef/client.pem"
chef_server_url "https://api.opscode.com/organizations/myorg"
environment "dev"
node_name "5a2f89c3-da3a-4c83-85d8-cbc8fa63f429"
json_attribs "/etc/chef/firstboot.json"
file_cache_path "/var/cache/chef"
file_backup_path "/var/backups/chef"
pid_file "/var/run/chef/client.pid"
Chef::Log::Formatter.show_time = true
encrypted_data_bag_secret "encrypted_data_bag_secret"
Thanks,
Eric