This repository has been archived by the owner on Mar 19, 2022. It is now read-only.

Mention knife-solo_data_bag gem in the docs #83

Closed
freegenie opened this issue Aug 7, 2012 · 13 comments

@freegenie

knife-solo_data_bag should handle any data bag related stuff but we should update the docs to tell people how to do that.

(original report)

I've been working on a similar project lately, then I saw yours and I'm evaluating whether to switch and possibly contribute to it. The main difference I see is the lack of a built-in utility to manipulate encrypted data bags (encrypt and decrypt them). If there's any plan for this feature to be introduced, I may provide a possible solution in a pull request.

My idea is basically to assume an encryption key file to be present in root or data_bags folder, and encrypt any *.rb file in data_bags folder to the corresponding json file (and vice versa for decryption).

What do you think about it?

@matschaffer
Owner

Check out the last couple comments on #22. I'd be happy to incorporate
better data bag management but I think starting it as a separate gem is a
good stepping stone.

-Mat


@matschaffer
Owner

Update on #22 from @thbishop was to keep them separate but cross-reference. I'll look into that and update here.

@aaronjensen
Contributor

I put together a rough script to edit data bags. I was about to create a few knife commands for it but I came across knife-solo_data_bag. I'll probably stick to the script for now so I don't have to have two different solo.rb's.

This is the script if anyone is interested:

https://gist.github.com/4123044

@matschaffer
Owner

Why did you need two solo.rb's?

-Mat


@aaronjensen
Contributor

Maybe I was doing something wrong but it uses your local solo.rb to find
the data bag path. So you either need to modify the solo.rb in your home
directory or specify one with -c.

Also, it seemed like the resulting data bag was serialized incorrectly. It
was more than just the data bag itself, the data bag was in a raw_data
field within what looked like a Json marshaled class. I didn't dig much
further as the usage of it was more cumbersome than my script.

Aaron


@matschaffer
Owner

Hrm... interesting. Thanks for the info. I've actually been wondering if we
need that solo.rb file or not. Or at least reworking it to be usable both
locally and on the workstation. Turns out using the file cache path for the
repo location has some issues so I'm thinking of moving that to a knife.rb
config.

If you're interested in helping out ping me on #chet sometime!


@arosenhagen

I see currently no way of working with encrypted databags in a chef 11 solo environment since https://github.com/thbishop/knife-solo_data_bag doesn't work anymore (due to the rewrites in chef11).
Are there any plans of adding this kind of functionality directly to knife-solo?

@matschaffer
Owner

Really? I have integration tests on that that have been passing. We don't specify a chef version in those so it should be using the latest. Guess it's time to look for some false positives.

@arosenhagen

nevermind...the error was another one. sorry for the confusion.

@sbimikesmullin

hmm having trouble getting decryption to happen. i can see the key and data_bags rsync'ed successfully. i was able to use knife-solo_data_bag to create and edit the data bags. all the non-encrypted values in my data_bags are accessible from the data_bag and data_bag_item resources in my recipes. but when i try to access an encrypted data_bag_item it does not give me the decrypted value

DEBUG: sudo -p 'knife sudo password: ' chef-solo -c /tmp/chef-solo/solo.rb -j /tmp/chef-solo/nodes/admin01.json -l debug stdout: [2013-05-17T17:09:13-06:00] FATAL: Chef::Exceptions::ValidationFailed: Option comment must be a kind of String!  You passed {"encrypted_data"=>"3rzoY/v1SveG6bdxTFwpmNAmaXN3WeDH5ycKcG9XGRY=\n", "iv"=>"NtBdOQQ2gt9ZMYa4kXPL5Q==\n", "version"=>1, "cipher"=>"aes-256-cbc"}.

[2013-05-17T17:09:13-06:00] FATAL: Chef::Exceptions::ValidationFailed: Option comment must be a kind of String!  You passed {"encrypted_data"=>"3rzoY/v1SveG6bdxTFwpmNAmaXN3WeDH5ycKcG9XGRY=\n", "iv"=>"NtBdOQQ2gt9ZMYa4kXPL5Q==\n", "version"=>1, "cipher"=>"aes-256-cbc"}.
/home/mikesmullin/.rvm/gems/ruby-2.0.0-p0/gems/knife-solo-0.2.0/lib/chef/knife/solo_cook.rb:178:in `cook': chef-solo failed. See output above. (RuntimeError)
        from /home/mikesmullin/.rvm/gems/ruby-2.0.0-p0/gems/knife-solo-0.2.0/lib/chef/knife/solo_cook.rb:68:in `block in run'

is this a knife-solo limitation?

@tmatilai
Collaborator

@sbimikesmullin which Chef version do you have in the node? That data bag is encrypted in the new format which requires at least v10.18.0 to decrypt.

knife-solo only uploads the data bags and key and passes options to chef-solo. So the problem is with the encryption or compatibility with chef-solo.

@sbimikesmullin

ah thx. it turns out the user cookbook is expecting a non-encrypted data bag. sorry :(

from IRC:

[17:44] <@coderanger> No, anything using encrypted bags must use that API specifically
[17:44] <@coderanger> There is no way to know if a bag is encrypted or not just by looking at it
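
The failure in the comment above, reproduced outside Chef as an added example (not code from this thread or from knife-solo): a consumer that reads the raw item gets the envelope Hash for `comment`, and only an explicit decryption step with the shared secret yields the String. The envelope fields come from the log; the SHA-256 key derivation, the `json_wrapper` wrapping, and the `users`/`deploy` item are assumptions made for the example.

```ruby
require "openssl"
require "json"

CIPHER = "aes-256-cbc" # cipher named in the log above

# Assumption: the AES key is the SHA-256 digest of the shared secret.
def derive_key(secret)
  OpenSSL::Digest::SHA256.digest(secret)
end

# Build a version-1 style envelope for one value (demo data only).
def encrypt_value(value, secret)
  cipher = OpenSSL::Cipher.new(CIPHER)
  cipher.encrypt
  iv = cipher.random_iv
  cipher.key = derive_key(secret)
  # Assumption: the plaintext is wrapped as {"json_wrapper": value}.
  data = cipher.update(JSON.generate({ "json_wrapper" => value })) + cipher.final
  { "encrypted_data" => [data].pack("m"), "iv" => [iv].pack("m"),
    "version" => 1, "cipher" => CIPHER }
end

# Reverse of encrypt_value; rejects anything that is not a v1 envelope.
def decrypt_value(envelope, secret)
  unless envelope.is_a?(Hash) && envelope["version"] == 1 && envelope["cipher"] == CIPHER
    raise ArgumentError, "not a version 1 #{CIPHER} envelope"
  end
  begin
    cipher = OpenSSL::Cipher.new(CIPHER)
    cipher.decrypt
    cipher.key = derive_key(secret)
    cipher.iv = envelope["iv"].unpack1("m")
    plain = cipher.update(envelope["encrypted_data"].unpack1("m")) + cipher.final
    JSON.parse(plain)["json_wrapper"]
  rescue OpenSSL::Cipher::CipherError, JSON::ParserError, EncodingError
    raise ArgumentError, "decryption failed: wrong secret or corrupted data"
  end
end

# Raw item as it would sit in data_bags/users/deploy.json (constructed).
def sample_item(secret)
  { "id" => "deploy", "comment" => encrypt_value("Deploy user", secret) }
end

# Decrypt every field except "id", which is stored in clear text.
def decrypt_item(raw, secret)
  raw.to_h { |k, v| [k, k == "id" ? v : decrypt_value(v, secret)] }
end
```

In a recipe the corresponding step is `Chef::EncryptedDataBagItem.load` with the secret, instead of the plain `data_bag_item` lookup.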

@tmatilai
Collaborator

Btw, I'm with Mat in that knife-solo_data_bag is much better as a separate project. Pull requests for linking to it in the documentation are warmly welcome. =)
