Encrypted Data Bag for Itamae
This is itamae plugin that provides store for secrets, like encrypted data bag in chef.
gem 'itamae-secrets'
or
$ gem install itamae-secrets
itamae-secrets command for storing data or manually readingItamae::Secrets interface for itamae recipes${base}/keys from checked into VCS. (.gitignore it!)
$ itamae-secrets newkey --base=./secret --method=aes-random
$ itamae-secrets newkey --base=./secret --method=aes-passphrase
Both generates ./secret/keys/default. Make sure ./secret/keys be excluded from VCS.
$ itamae-secrets set --base=./secret awesome_secret value
(when omit value, it’ll read from STDIN until EOF. You can also use --noecho if you want hide value in your terminal’s buffer completely.)
on your itamae recipe, do:
require 'itamae/secrets'node[:secrets] = Itamae::Secrets(File.join(__dir__, 'secret'))# Use itp node[:secrets][:awesome_secret]
$ itamae-secrets get --base=./secret awesome_secret
--base
$ echo 'base: ./secret' >> .itamae-secrets.yml
After checking out the repo, run bin/setup to install dependencies. Then, run rake rspec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.
Bug reports and pull requests are welcome on GitHub at https://github.com/sorah/itamae-secrets.
Security issues? Send me directly at security@sorah.jp. My GPG key is available here: http://sorah.jp/id.html (SSL)
The gem is available as open source under the terms of the MIT License.