Skip to content
/ chef-vault Public

Securely manage passwords, certs, and other secrets in Chef

License

Apache-2.0 license
407 stars 160 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

chef/chef-vault

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
lib
lib
 
 
.gitignore
.gitignore
 
 
README.rdoc
README.rdoc
 
 
chef-keepass.gemspec
chef-keepass.gemspec
 
 

Repository files navigation

Chef-Keepass

DESCRIPTION:

Gem that allows you to encrypt passwords & certificates using the public key of a list of chef nodes. This allows only those chef nodes to decrypt the password or certificate.

INSTALLATION:

Be sure you are running the latest version Chef. Versions earlier than 0.10.0 don’t support plugins:

gem install chef

This plugin is distributed as a Ruby Gem. To install it, run:

gem install chef-keepass

Depending on your system’s configuration, you may need to run this command with root privileges.

CONFIGURATION:

KNIFE COMMANDS:

This plugin provides the following Knife subcommands.

Specific command options can be found by invoking the subcommand with a --help flag

knife encrypt password

Use this knife command to encrypt the username and password that you want to protect.

knife encrypt password –search SEARCH –username USERNAME –password PASSWORD –admins ADMINS

knife decrypt password

Use this knife command to dencrypt the password that is protected

knife decrypt password –username USERNAME

knife encrypt cert

Use this knife command to encrypt the contents of a certificate that you want to protect.

knife encrypt cert –search SEARCH –cert CERT –password PASSWORD –name NAME –admins ADMINS

knife decrypt cert

Use this knife command to dencrypt the certificate that is protected

knife decrypt cert –name NAME

USAGE IN RECIPES

To use this gem in a recipe to decrypt data you must first install the gem via a chef_gem resource. Once the gem is installed require the gem and then you can create a new instance of ChefKeepass.

Example Code (password) 

chef_gem "chef-keepass"

require 'chef-keepass'

keepass = ChefKeepass.new("passwords")
user = keepass.user("Administrator")
password = user.decrypt_password

Example Code (certificate) 

chef_gem "chef-keepass"

require 'chef-keepass'

keepass = ChefKeepass.new("certs")
cert = keepass.certificate("domain.com")
contents = cert.decrypt_contents

LICENSE:

Author

Kevin Moser (<kevin.moser@nordstrom.com>)

Copyright

Copyright © 2013 Nordstrom, Inc.

License

Apache License, Version 2.0

Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

About

Securely manage passwords, certs, and other secrets in Chef

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

407 stars

Watchers

51 watching

Forks

160 forks
Report repository

Releases

66 tags

Packages

No packages published

Contributors 54
+ 40 contributors

Languages