Password and sensitive information strategies when using Vagrant and Chef-solo for personal use
Data bags
This is the best option when working within a team but is too complicated for personal use.
Password Shadow Hash
Not as complicated as data bags, but it requires that ruby-shadow is installed on your provision target. Another drawback is that you need to rerun the mkpasswd/openssl passwd command and copy and paste the result into the recipe steps each time the sensitive information changes.
ENV variables (BEST OPTION)
Because Vagrant runs the provisioner, you can use local ENV settings inside the Vagrantfile. This approach doesn't require ruby-shadow, and when sensitive information changes you simply edit your environment variables; they are picked up on the next vagrant run. Don't forget to run source ~/.profile in the shell where the vagrant command is executed.
export AWS_ACCESS_KEY_ID="***********************"
export AWS_SECRET_ACCESS_KEY="******************************"
export MY_PUBLIC_SSH_KEY_PATH=$HOME/.ssh/id_rsa.pub
export MY_PRIVATE_SSH_KEY_PATH=$HOME/.ssh/id_rsa
Vagrant.configure("2") do |config|
  config.vm.hostname = "test_server"
  config.vm.box = "precise64"
  config.vm.network :private_network, ip: "33.33.33.10"
  config.vm.provision :chef_solo do |chef|
    chef.json = {
      misc: {
        ssh_key: File.read(ENV['MY_PUBLIC_SSH_KEY_PATH']),
        ssh_private_key: File.read(ENV['MY_PRIVATE_SSH_KEY_PATH']),
      },
      aws: {
        access_key_id: ENV['AWS_ACCESS_KEY_ID'],
        secret_access_key: ENV['AWS_SECRET_ACCESS_KEY']
      }
    }
  end
end
gitolite_user node.gitolite.username do
  # ...omitted
  ssh_key node.misc.ssh_key
end
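With the ENV approach, an unset variable (for example when source ~/.profile was skipped) reaches the recipe as nil or makes File.read fail with an unhelpful error. The helper below is an added example, not code from the original post: it builds the same chef.json hash but stops early and names the missing variable without printing any secret value. build_chef_secrets, REQUIRED_VARS and MissingSecretError are hypothetical names, and the permission check assumes a POSIX host.

```ruby
# Added example: fail-fast loading of the secrets passed to chef.json.
# All names defined here are hypothetical, not part of Vagrant or Chef.
REQUIRED_VARS = %w[
  AWS_ACCESS_KEY_ID
  AWS_SECRET_ACCESS_KEY
  MY_PUBLIC_SSH_KEY_PATH
  MY_PRIVATE_SSH_KEY_PATH
].freeze

class MissingSecretError < StandardError; end

# env is anything hash-like: ENV in a Vagrantfile, a plain Hash in tests.
def build_chef_secrets(env = ENV)
  # Report variable names only, never their values.
  missing = REQUIRED_VARS.select { |name| env[name].to_s.strip.empty? }
  unless missing.empty?
    raise MissingSecretError, "unset or empty: #{missing.join(', ')}"
  end

  public_path  = File.expand_path(env['MY_PUBLIC_SSH_KEY_PATH'])
  private_path = File.expand_path(env['MY_PRIVATE_SSH_KEY_PATH'])
  [public_path, private_path].each do |path|
    next if File.file?(path) && File.readable?(path)
    raise MissingSecretError, "not a readable file: #{path}"
  end

  # Refuse a private key that group or other can access (POSIX assumption).
  mode = File.stat(private_path).mode & 0o777
  if (mode & 0o077) != 0
    raise MissingSecretError,
          format('%s has mode %04o, expected 0600 or stricter', private_path, mode)
  end

  {
    misc: {
      ssh_key: File.read(public_path),
      ssh_private_key: File.read(private_path)
    },
    aws: {
      access_key_id: env['AWS_ACCESS_KEY_ID'],
      secret_access_key: env['AWS_SECRET_ACCESS_KEY']
    }
  }
end
```

In the Vagrantfile above, the hash literal would then be replaced by chef.json = build_chef_secrets, with the helper defined at the top of the file.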
- Pushed on 09/23/2013 by Christian
