This repository has been archived by the owner on Mar 19, 2022. It is now read-only.

Try out encrypted data bags #22

Closed
thbar opened this issue Feb 15, 2012 · 18 comments

@thbar
Contributor

thbar commented Feb 15, 2012

Neither @matschaffer nor I did more extensive tests with those, but they may work and it's certainly interesting to dive in.

If you happen to try that out, let us know!

@thbar
Contributor Author

thbar commented Feb 15, 2012

First quick try gives:

master] thbar@/xxx/chef-repo: knife data bag create deploy_key
WARNING: No knife configuration file found
ERROR: Your private key could not be loaded from /etc/chef/client.pem
Check your configuration file and ensure that your private key is readable

@matschaffer
Owner

Not a huge surprise. So the knife data bag commands are likely not
chef-solo aware. I think we should try doing a chef-server style encrypted
data bag and store the JSON blob into data_bags and see if that works. If
that's the case we may be able to extend the knife commands or add new ones
to support solo-mode data bags. The folks in #opscode on freenode might
have some input there.


@thbar
Contributor Author

thbar commented Feb 24, 2012

Can't work on this right now but I will try to ping the #opscode folks and see if they have a suggestion on how to do that.

@matschaffer
Owner

Thanks!


@der-flo
Contributor

der-flo commented Apr 5, 2012

+1, this would be very useful in order to have a more secure setup. We actually have all the passwords of every provisioned system on every node. Our actual solution is to remove /tmp/chef-solo after a successful run, but this is quite error-prone.
Or do you have better ideas?

@der-flo
Contributor

der-flo commented Apr 13, 2012

To remove /tmp/chef-solo we're now using the custom command knife clean. Are you interested in such an addition? If so, I'd prepare a pull request.

@matschaffer
Owner

I'd like to focus on encrypted databags and putting the files in a root-readable location first. Those seem like better solutions if possible.

@matschaffer
Owner

Of course if your code's pretty much ready already, a bird in the hand is worth two in the bush :)

@der-flo
Contributor

der-flo commented Apr 16, 2012

I absolutely agree with you, getting the encrypted databags to work is by far the superior solution.
But we can't wait for it, so I did this little addition: Nix-wie-weg/knife-solo@991b4aa
If you're interested in it, I would write tests and documentation for it and then would issue a pull request.
If not, that's ok, then I'll save the time for finishing the addition.

@matschaffer
Owner

I dig that. I'm wondering if clean is the best word, but I can't come up with anything better. Otherwise I'd be happy to have it.

@matschaffer
Owner

That last sentence was ambiguous. I'm happy to have it regardless of name, but if you or anyone else has any ideas for a better name I'm open to that as well :)

@der-flo
Contributor

der-flo commented Apr 27, 2012

I made a pull request: #48

@matschaffer
Owner

Just added integration testing for encrypted data bags. Seems to work fine, although creating them is less-than-trivial. Could be a nice patch to knife to allow for local saving of encrypted data bags. In the mean time you can create them with this: https://gist.github.com/2896172
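An added example, not taken from the linked gist, knife-solo or Chef: the idea discussed in this thread of keeping a data bag item as a JSON file whose values are encrypted under a shared secret, so the copy left on the node is not readable without it. The field layout (`iv`, `tag`, `data`), the helper names and the sample secret are assumptions for illustration and are not Chef's on-disk format.

```ruby
require "openssl"
require "json"

# Key derivation assumes a long random secret file; a passphrase would need a real KDF.
def bag_key(secret)
  OpenSSL::Digest::SHA256.digest(secret)
end

def b64(bytes)
  [bytes].pack("m0")
end

# Encrypt every value except "id", which stays readable so the item can be looked up.
def encrypt_item(item, secret)
  item.each_with_object({}) do |(name, value), out|
    if name == "id"
      out[name] = value
    else
      cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
      cipher.key = bag_key(secret)
      iv = cipher.random_iv
      cipher.auth_data = name # ties each ciphertext to its field name
      data = cipher.update(JSON.generate({ "v" => value })) + cipher.final
      out[name] = { "iv" => b64(iv), "tag" => b64(cipher.auth_tag), "data" => b64(data) }
    end
  end
end

# Raises OpenSSL::Cipher::CipherError on a wrong secret or a modified field.
def decrypt_item(item, secret)
  item.each_with_object({}) do |(name, value), out|
    if name == "id"
      out[name] = value
    else
      cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
      cipher.key = bag_key(secret)
      cipher.iv = value["iv"].unpack1("m0")
      cipher.auth_tag = value["tag"].unpack1("m0")
      cipher.auth_data = name
      plain = cipher.update(value["data"].unpack1("m0")) + cipher.final
      out[name] = JSON.parse(plain)["v"]
    end
  end
end

# Constructed sample item and secret.
SAMPLE = { "id" => "deploy_key", "password" => "s3cr3t" }.freeze
puts JSON.pretty_generate(encrypt_item(SAMPLE, "constructed-secret"))
```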

@der-flo
Contributor

der-flo commented Aug 3, 2012

Have you seen this project? https://github.com/thbishop/knife-solo_data_bag
Perhaps it can be merged in.

@matschaffer
Owner

Any thoughts on that @thbishop? I'm happy to discuss it though my gut reaction is to keep them separate but reference each other in the docs. For example I'd be happy to reference knife-solo_data_bag from https://github.com/matschaffer/knife-solo#cook-command rather than the gist I have up there now. Course it'd be nice if it worked first, but I see @der-flo already has a PR open for that. ;)

@thbishop

thbishop commented Aug 8, 2012

@matschaffer yeah, I think it makes sense to keep it separate. I can add a blurb in the README that references knife-solo if more functionality is needed.

@matschaffer
Owner

Sweet, let's do that then. I'll add an issue to try out your gem and update our readme. Prolly get around to it this weekend or early next week. Thanks!

@matschaffer
Owner

FYI, using #83 to track this
