Simon Krueger

Encrypting secrets with knife-solo

We've had some secrets lying around in our database that needed to be changed and encrypted. We have been using Chef to deploy our service. With Chef data bags we can encrypt and decrypt our secrets. There is one problem, though. It expects you to have a Chef server. However, we are using a pretty simple setup with no Chef server at the moment. Luckily, there are knife-solo and knife-solo_data_bag.

Create a data bag named secrets with an item named database.

$ knife solo data bag create secrets database --json-file data_bags/secrets/database.json --data-bag-path chef/data_bags/ --secret-file ~/secrets_key

Edit the existing data bag item.

$ knife solo data bag edit secrets database --data-bag-path chef/data_bags/ --secret-file ~/secrets_key
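A check worth running before committing the data bag directory, added here as an example and not part of the original post: it scans the item files under `chef/data_bags/secrets` and reports any field that is still plaintext. The helper names are hypothetical, and the wrapper keys are assumed to be the ones Chef writes for encrypted data bag format versions 1 and later.

```ruby
require "json"

# Keys assumed present in every encrypted value (Chef format versions 1 and later).
# Legacy version 0 items store bare strings and will be reported as plaintext.
REQUIRED_KEYS = %w[encrypted_data iv version cipher].freeze

# True when a single data bag value looks like Chef's encrypted wrapper.
def encrypted_value?(value)
  value.is_a?(Hash) && REQUIRED_KEYS.all? { |k| value.key?(k) }
end

# Names of the fields (other than "id", which is never encrypted) stored in plaintext.
def plaintext_fields(item)
  item.reject { |key, value| key == "id" || encrypted_value?(value) }.keys
end

# Scans every *.json item in one data bag directory.
# Returns { path => [field, ...] } for items that still contain plaintext fields.
def audit_data_bag(dir)
  Dir.glob(File.join(dir, "*.json")).sort.each_with_object({}) do |path, bad|
    fields = plaintext_fields(JSON.parse(File.read(path)))
    bad[path] = fields unless fields.empty?
  end
end

# Constructed samples: not real ciphertext and not a real secret.
SAMPLE_ENCRYPTED = JSON.parse(<<~JSON)
  {
    "id": "database",
    "password": {
      "encrypted_data": "Q09OU1RSVUNURUQ=",
      "iv": "Q09OU1RSVUNURUQ=",
      "version": 1,
      "cipher": "aes-256-cbc"
    }
  }
JSON
SAMPLE_PLAINTEXT = { "id" => "database", "password" => "constructed-plaintext" }.freeze

# Demo on the constructed samples.
puts "encrypted sample: #{plaintext_fields(SAMPLE_ENCRYPTED).inspect}"
puts "plaintext sample: #{plaintext_fields(SAMPLE_PLAINTEXT).inspect}"
```

For a real tree, call `audit_data_bag("chef/data_bags/secrets")` and fail the commit or CI job when the returned hash is not empty. The plaintext file passed to `--json-file` would be flagged by the same check, which is the reminder to keep it out of version control.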