Menu

Chef Supermarket

Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

View our collection of guides, documentation, and articles

Cookbooks
Advanced Options

Select Badges

Select Supported Platforms

Select Status

RSS

ssl-key-vault (10) Versions 0.2.4

SSL key & certificate storage in chef-vault

Policyfile
Berkshelf
Knife 
cookbook 'ssl-key-vault', '= 0.2.4', :supermarket
cookbook 'ssl-key-vault', '= 0.2.4'
knife supermarket install ssl-key-vault
knife supermarket download ssl-key-vault
README
Dependencies
Changelog
Quality 86%

ssl-key-vault cookbook

This cookbook manages OpenSSL key pairs, using
chef-vault to share and
store private keys.

This cookbook's home is at https://github.com/3ofcoins/ssl-key-vault/

Requirements

Usage

  1. Generate a self-signed key or a secret key and certificate.

  2. Store the private key in chef-vault. The name should be set to
    ssl-key-key.name.:

    $ ruby -rjson -e 'puts JSON[Hash[Hash[*ARGV].map { |k,v| [k, File.read(v)] }]]' -- \
    chain.pem example.com.chain.pem \
    crt example.com.crt \
    csr example.com.csr \
    key example.com.key \
    pem example.com.pem \
    > example.com.json

    $ knife encrypt create certs --mode client \
  --search 'QUERY' --admins '' \
  --name ssl-key-example_com \
  --json /path/to/example.com.json

    Either add Chef server's admin API users to the --admins, or make
    the key otherwise accessible to yourself in future (e.g. with
    knife-briefcase).

  3. Add the certificate to node's ssl_certificates attribute (key is
    key's name, and value is full certificate):

default_attributes :ssl_certificates => {
  'example.com' => true
}
  1. Add recipe[ssl-key-vault] to node's run list.

The key will be stored in /etc/ssl/private/key.name.key, and
certificate in /etc/ssl/certs/key.name.pem.

TODOs & questions

I don't have much of idea currently how to add tests, with chef-vault,
encrypted data bags, and such.

Author

Author: Maciej Pasternacki maciej@3ofcoins.net

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Change History

0.2.4

  • Merge #1 (@raoulwissink)

0.2.3

  • Fix bugs

0.2.2

  • Moved rake task to files/ to have it packaged

0.2.1

  • Sample Rake snippet (NFY)

0.2.0

  • Cleanups

0.1.2

  • Support multiple certificate files (for separate CA path file)

0.1.1

  • Add default empty node['ssl_certificates']

0.1.0

  • Initial release

License Metric 
            
0.2.4 failed this metric
FC064: Ensure issues_url is set in metadata: ssl-key-vault/metadata.rb:1
FC065: Ensure source_url is set in metadata: ssl-key-vault/metadata.rb:1
FC066: Ensure chef_version is set in metadata: ssl-key-vault/metadata.rb:1
FC075: Cookbook uses node.save to save partial node data to the chef-server mid-run: ssl-key-vault/recipes/default.rb:27
Run with Foodcritic Version 12.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

Maciej Pasternacki Maciej Pasternacki
Marta Paciorkowska

Details

View Source View Issues

Updated February 11, 2015 Created on

Supported Platforms

  • ubuntu >= 0.0.0

License

MIT

Download Cookbook