Using Chef Vault encryption
A different way of encrypting data is proposed through Chef Vault, and this does not require you to include the key somewhere in the code. The concept is elegant and simple: shared key encryption is done for each and every existing Chef node through their already existing client keys. This way, only the nodes allowed to access the data can decrypt it—each with their own private key—ensuring no clear-text shared keys are being sent, like with the classic encrypted data bag scheme.
Getting ready
To step through this recipe, you will need:
A working Chef DK installation on the workstation
A working Vagrant installation on the workstation
The Chef code (optionally) from Chapter 6, Fundamentals of Managing Servers with Chef and Puppet, Chapter 7, Testing and Writing Better Infrastructure Code with Chef and Puppet, or any custom Chef code
How to do it…
We'll build on the previous, already existing, mysite cookbook; however, any other situation will work similarly. Instead...
