Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms


chef_vault_users (5) Versions 0.3.1

Installs/Configures chef_vault_users

cookbook 'chef_vault_users', '= 0.3.1'
cookbook 'chef_vault_users', '= 0.3.1', :supermarket
knife cookbook site install chef_vault_users
knife cookbook site download chef_vault_users

chef_vault_users cookbook

Manage systems users with credentials stored in chef-vault.


Uses the cookbook.

It also requires the following gems (installed automatically by chef):

  • ruby-shadow
  • unix-crypt



The best way of using this cookbook is by storing user credentials securely using chef-vault.

Firstly, create an encrypted data bag using chef vault:

$ knife vault blah

chef_vault_users looks at the users attribute for a hash of which users to manage. This means the chef-vault databag can be reused as it only stores username/password combinations.

The simplest usage uses all defaults

override['users']['a_user']['password'] = true

This will read the password from the chef-vault databag with all attributes set to default values (see below).

For more control you can also define a user using attributes:

override['chef_vault_users']['users']['a_user'] = { 
  'password' => true,
  'password_is_plain' => true,
  'uid' => 1005,
  'gid' => 1005

In this case, we will get a plaintext password from chef-vault which will then be hashed using

If you omit 'password_is_plain' attribute, or set it to false, then we will expect to find a hashed password.

Plain text password

Instead of using chef-vault, you can also specify the password directly.

override['chef_vault_users']['users']['a_user']['password'] = 'mypassword'

Password hash

You can also put a password hash directly in the attributes:

override['chef_vault_users']['users']['a_user']['password'] = '$6$xxxxxxxxx$yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy'


See attributes/default.rb for default values.

Main attributes:

  • node['users'] - The hash of users
  • node['chef_vault_users']['default_shell'] - The default shell for users
  • node['chef_vault_users']['databag'] - Name of the default chef-vault data bag

You can add your user's ssh public keys to an array in:

  • node['users'][USERNAME]['ssh_keys']

The following attributes are mapped onto the standard chef user resource:

  • node['users'][USERNAME]['comment']
  • node['users'][USERNAME]['uid']
  • node['users'][USERNAME]['gid']
  • node['users'][USERNAME]['home']
  • node['users'][USERNAME]['shell']
  • node['users'][USERNAME]['system']
  • node['users'][USERNAME]['action']
  • node['users'][USERNAME]['manage_home']

If you want to reuse the user configuration, consider putting it in a role or a users cookbook.

Dependent cookbooks

chef-vault >= 0.0.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Foodcritic Metric

0.3.1 failed this metric

FC019: Access node attributes in a consistent manner: /tmp/cook/535e5dadf1cbbb90be6e3a47/chef_vault_users/recipes/users.rb:67
FC046: Attribute assignment uses assign unless nil: /tmp/cook/535e5dadf1cbbb90be6e3a47/chef_vault_users/attributes/default.rb:4
FC046: Attribute assignment uses assign unless nil: /tmp/cook/535e5dadf1cbbb90be6e3a47/chef_vault_users/attributes/default.rb:5