Chef: Load Attributes from encrypted databag in json role

Posted by jcvj on Server Fault See other posts from Server Fault or by jcvj
Published on 2014-04-24T11:43:13Z Indexed on 2014/06/03 21:27 UTC
Read the original article Hit count: 163

Filed under:
|

I'm want to use the postfix cookbook for chef. The sasl password is expected to be in an attribute. So usually you would do this:

"default_attributes": {
  "postfix": {
    "sasl": {
      "smtp_sasl_passwd": "somepassword"
    }
  }
}

The thing is: I don't want to have the password in the repository in plain text. So I put it in an encrypted data bag. Now I want to access it. This can be done with this:

Chef::EncryptedDataBagItem.load("passwords", "postfix")['password']

The problem: This only works in a .rb file, but my role is in json; all my roles are in json! I don't want to change that just for this purpose. Does anybody have an idea what to do here? Help is very appreciated.

© Server Fault or respective owner

Related posts about chef

Related posts about JSON