Using Chef encrypted data bags and Hiera-eyaml with Puppet
Some information in data bags can be safely stored on the Chef server in plain text, but under some circumstances, sensitive information might be safer if encrypted. Companies might not want production API keys, private keys, or similar sensitive content stored in plain text on the Chef server or on third-party services such as GitHub. We'll see how to encrypt and decrypt data on the command line and from inside a Chef recipe.
Getting ready
To step through this recipe, you will need:
A working Chef DK installation on the workstation
A working Vagrant installation on the workstation
The Chef code (optionally) from Chapter 6, Fundamentals of Managing Servers with Chef and Puppet, Chapter 7, Testing and Writing Better Infrastructure Code with Chef and Puppet, or any custom Chef code
How to do it…
Our goal is to create a configuration file containing our AWS credentials for the us-east-1 region, and it's not acceptable that you store...