Skip to content

Instantly share code, notes, and snippets.

@pezra

pezra/vault-weirdness.md

Last active February 19, 2016 15:26
Show Gist options
  • Save pezra/0bb04564bdd81b67285b to your computer and use it in GitHub Desktop.
Save pezra/0bb04564bdd81b67285b to your computer and use it in GitHub Desktop.
Download ZIP
Raw
vault-weirdness.md

background

There is a node

$ knife search node  "name:N-T-DROPT-POST-01"
1 items found

Node Name:   N-T-DROPT-POST-01
Environment: dit
FQDN:        N-T-DROPT-POST-01.comverge.com
IP:          10.154.114.46
Run List:    
Roles:       
Recipes:     
Platform:    ubuntu 14.04
Tags:

With a matching client

$ knife search client  "name:N-T-DROPT-POST-01" # a matching client exists
1 items found

admin:      false
chef_type:  client
json_class: Chef::ApiClient
name:       N-T-DROPT-POST-01
public_key: -----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvX7wLzzJTWlhlwqFnxPk
xma8j1alFMIXLMgiyNBByaDvLIM1D4zFNss2DNvhVP/SQHeWBXUjoaP0vaSewj4i
cdgYaVfhRwmHEIXLmXpACcqPmZvvSh1IjCuYpDIQ2oy1PdI+egV8DOg6rzLmcj3/
2LK0dMkdEYo0W0o/GYs06nBfi8WhPjvJMY+iCBDG4Ou29LvwM8hZ2I4QjjmA+gmd
TgEqLNcQHk55JPNmHh0cj+xZo27/c3+xGvC7syYvrN1Z7m2hbgqDvX1X0gSiMw/6
Dw09xqytDrHIfi/yhUTSQA3uNrLRRHuRVQHWy8usbQ4XbheVF68EG1ECj6rBpPBu
MQIDAQAB
-----END PUBLIC KEY-----

validator:  false

The vault does not exist yet

$ knife vault show dit-secrets deploy_rsa 
ERROR: ChefVault::Exceptions::KeysNotFound: dit-secrets/deploy_rsa_keys could not be found

creating the vault

Create the vault

$ knife vault create dit-secrets deploy_rsa '{"test": "hello"}' -A pwilliams -S "name:N-T-DROPT-POST-01"

Get the vault. It works.

$ knife vault show dit-secrets deploy_rsa -F json
{
  "id": "deploy_rsa",
  "test": "hello"
}

Get vault data bag

$ knife data bag show dit-secrets deploy_rsa -F json
WARNING: Encrypted data bag detected, but no secret provided for decoding.  Displaying encrypted data.
{
  "id": "deploy_rsa",
  "test": {
    "encrypted_data": "ArK8tdtID35NHg4rMoCaW94dEGn2UnBGPkWUiXWzHaI=\n",
    "iv": "tTYeWkr03w1ZvDkk6u3qkw==\n",
    "version": 1,
    "cipher": "aes-256-cbc"
  }
}

Get the vault "_keys" data bag. Notice the "" client and the absence of N-T-DROPT-POST-01 client.

$ knife data bag show dit-secrets deploy_rsa_keys -F json
Unencrypted data bag detected, ignoring any provided secret options.
{
  "id": "deploy_rsa_keys",
  "admins": [
    "pwilliams"
  ],
  "clients": [
    ""
  ],
  "search_query": "name:N-T-DROPT-POST-01",
  "": "txDmXbAVs/b/AMWCpPQYyuoufla4Nc6ks0Up5b8Ca8D6Bx3Jw3jiD/ND5dUK\nH7NXGZM3BLnNvGhBRebnwr8ih6i8fLWsYCeDp8xh+IMWuPIHp/4EjUUqL0VU\nx835OssMI5cKXD02C2E2CyjbXRR62deXkuMzbI/Kpq3VU5PdL2wQL3piiz/p\npiCDR9Tw7l+d9BGvmgnUznPvqysaWAtN8B4759Azkpae6JD4QDGyIepiKrGN\nknYmqgh81VTFx+PgUdoOQaOcRXYhhCycxMdf0aS63MO9qdtQUgW+woA8R7N7\nUqNVoFJo7fFRjmb/XFaRw3Jtc4SFRd+/XI38Ucm75g==\n",
  "pwilliams": "Hv5VOwfM3uoVAfpMBOpGdhQ4+Tm9TMJ/pz5He81YviJfKLHguG9RW/dtrcv2\na2UrMiFrMFaxMznBdsXi1SWiNrTTlzXSN0ztKzxpEMaPB4dNYkRXliFgRW0K\nHJQuAV3qF4dDxWO8mWaQQzxhL6Zy+B19cR7CH+mtqEIvEPYEi7YutUBedhW/\nqZtY/EOSya5lWTzTWuGnDXsoAzYByZIMrYKE4zPoHCvLEDAlu6K3e2uH4dil\nlG/iv1N5umhIUYupa5piPZl43JMHYg1gYUjQCJC086NE+iJrT9GiA7DYJdSM\nyW/z8xl4koHP9kC4SwgroEoYigvtiHSf6adRCmMBFA==\n"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment