@jeremymv2
Last active July 24, 2018 19:34
supermarket-custom-credentials
# this is the secret used for encrypting/decrypting encrypted databags
# https://docs.chef.io/data_bags.html#encrypt-a-data-bag-item
# defaults to /etc/chef/encrypted_data_bag_secret
encrypted_data_bag_secret '/path/to/file/with/secret'
# If you define `supermarket-custom-credentials` in the config.json
# delivery-truck will automagically load your Internal Supermarket
# username + pem key from the `delivery-secrets` databag on the Chef Server
# this user credential must have the access needed to publish cookbooks
# and the databag must already exist.
"delivery-truck": {
  "publish": {
    "chef_server": "true",
    "supermarket": "https://supermarket.chef.io",
    "supermarket-custom-credentials": "true"
  }
}
# The databag name must be `delivery-secrets`.
# Note that if you don't want to create per-project databag items,
# you can create an organization-wide databag item named: "ENTERPRISE-ORGANIZATION"
{
  "id": "ENTERPRISE-ORGANIZATION-PROJECT",
  "supermarket_user": "the_user_credential_name",
  "supermarket_key": "the_user_credential_pemkey"
}
# the `supermarket_key` above needs to be a PEM key in json format
# it is the private key of the above Chef Server user associated with the Supermarket instance
# you can create a json formatted key from a .pem very easily with:
# cat /path/to/priv.pem | sed s/$/\\\\n/ | tr -d '\n'
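# Added example (not part of the original gist, and not delivery-truck's own code):
# a Ruby alternative to the sed/tr one-liner that builds the plaintext databag item
# and checks the key survives the JSON round trip. The helper names are hypothetical,
# and it assumes the Chef Server user key is RSA.

```ruby
require 'json'
require 'openssl'

# Build the plaintext `delivery-secrets` item from a PEM private key.
# Assumption: the Chef Server user key is RSA.
def build_supermarket_item(item_id, user, pem)
  key = OpenSSL::PKey::RSA.new(pem)
  raise ArgumentError, 'PEM holds a public key, not a private key' unless key.private?

  # Normalise line endings so the stored value is exactly the PEM text.
  normalized = pem.gsub("\r\n", "\n")
  normalized += "\n" unless normalized.end_with?("\n")
  {
    'id' => item_id,
    'supermarket_user' => user,
    'supermarket_key' => normalized
  }
end

# JSON.generate escapes every newline as \n, the same result the
# sed/tr one-liner produces by hand, with no trailing-comma risk.
def item_to_json(item)
  JSON.pretty_generate(item)
end

# True only if the JSON parses and the stored key loads as a private key.
# A double-escaped key (literal backslash-n after parsing) fails here.
def valid_item_json?(json)
  key = JSON.parse(json).fetch('supermarket_key')
  return false unless key.is_a?(String)

  OpenSSL::PKey::RSA.new(key).private?
rescue JSON::ParserError, KeyError, TypeError, OpenSSL::OpenSSLError
  false
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a throwaway key generated in memory, never a real credential.
  pem = OpenSSL::PKey::RSA.new(2048).to_pem
  item = build_supermarket_item('ENTERPRISE-ORGANIZATION-PROJECT', 'the_user_credential_name', pem)
  puts valid_item_json?(item_to_json(item)) ? 'item OK' : 'item INVALID'
end
```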
# IMPORTANT: The key is to trigger a new login dance between Supermarket and the
# Chef Server so that Supermarket can retrieve the user's most up-to-date public key from the Chef Server.
# To do this, log in and out of the Supermarket UI. Supermarket can only use the user's
# primary key - so if the user has multiple keys in the Chef Server, take this into account.
# https://github.com/chef-cookbooks/delivery-sugar/blob/master/README.md#resource-delivery_supermarket
# As an alternative to setting `supermarket-custom-credentials` in `config.json`
# you can also directly utilize the `delivery_supermarket` resource.
# Directly using the `delivery_supermarket` resource allows you to utilize secrets
# from something other than an encrypted databag. For instance, vault.
# https://github.com/chef-cookbooks/delivery-sugar#using-get_chef_vault_data
# load vaults from the `workflow-vaults` databag
secrets = get_chef_vault_data # for encrypted databags use `get_project_secrets`
delivery_supermarket 'share_custom_cookbook' do
  site 'https://my-private-supermarket.example.com'
  user secrets['supermarket_user']
  key secrets['supermarket_key'] # private key of the above Chef Server user associated with the Supermarket instance
  action :share
end