https://github.com/cyberark/summon-chefapi
Summon provider for Chef encrypted data bags
https://github.com/cyberark/summon-chefapi
chef-databags conjbot-notify conjur conjur-community-team summon summon-provider
Last synced: 5 months ago
JSON representation
Summon provider for Chef encrypted data bags
- Host: GitHub
- URL: https://github.com/cyberark/summon-chefapi
- Owner: cyberark
- License: mit
- Archived: true
- Created: 2015-09-07T20:30:37.000Z (over 10 years ago)
- Default Branch: main
- Last Pushed: 2024-09-27T15:03:38.000Z (over 1 year ago)
- Last Synced: 2026-01-14T15:53:58.143Z (5 months ago)
- Topics: chef-databags, conjbot-notify, conjur, conjur-community-team, summon, summon-provider
- Language: Go
- Size: 67.4 KB
- Stars: 6
- Watchers: 19
- Forks: 4
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md
Awesome Lists containing this project
README
# DEPRECATED
As of June 11, 2024 this project is deprecated and will no longer be maintained.
# summon-chefapi
For many, Chef encrypted data bags are difficult to work with. This Summon provider allows you to use
[Summon + secrets.yml](http://conjurinc.github.io/summon/) to improve your development workflow with encrypted data bags.
## Example
Create an encrypted data bag with a PostgreSQL password.
```sh-session
$ knife data bag create passwords postgres --secret-file encrypted_data_bag_secret
```
```json
{
"id": "postgres",
"value": "mysecretpassword"
}
```
Install [Summon](https://github.com/conjurinc/summon) and this provider.
Create a [secrets.yml](https://conjurinc.github.io/summon/#secrets.yml) file.
```yaml
POSTGRES_PASSWORD: !var passwords/postgres/value
```
Now you can inject the password into any process as an environment variable. Instead of dealing with the Data Bag API
in your Chef recipe, you can just use `ENV['POSTGRES_PASSWORD']`.
```sh-session
$ summon chef-client --once
```
Once `chef-client` finishes, the password is gone, not left on your system.
## Install
1. Install the [latest release of Summon](https://github.com/conjurinc/summon#install).
2. Download the [latest release of this provider](https://github.com/conjurinc/summon-chefapi/releases)
and extract it to `/usr/local/lib/summon/`.
If you have more than one provider installed, select this one with `summon -p summon-chefapi ...`.
## Configure
Configuration of this provider is through environment variables:
* `CHEF_NODE_NAME`: The name of the node. (`node_name` in knife.rb)
* `CHEF_CLIENT_KEY_PATH`: The location of the file that contains the client key. (`client_key` in knife.rb)
* `CHEF_SERVER_URL`: The URL for the Chef server. (`chef_server_url` in knife.rb)
* `CHEF_DECRYPTION_KEY_PATH`: The location of the file that contains the decryption key.
* `CHEF_SKIP_SSL`: Skip SSL verification (for self-signed certs). Set to "1" to activate.
---
## Contributing
We welcome contributions of all kinds to this repository. For instructions on how to get started and descriptions of our development workflows, please see our [contributing
guide][contrib].
[contrib]: CONTRIBUTING.md