Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

The client-rekey cookbook has been deprecated

The client-rekey cookbook has been deprecated and is no longer being maintained by its authors. Use of the client-rekey cookbook is no longer recommended.


client-rekey (3) Versions 0.3.0

Regenerates your client key

cookbook 'client-rekey', '~> 0.3.0'
cookbook 'client-rekey', '~> 0.3.0', :supermarket
knife supermarket install client-rekey
knife supermarket download client-rekey
Quality 88%

client-rekey Cookbook

Build Status Cookbook Version

Regenerates a chef-client's API key. You want to use this if you believe your client keys could be exposed as a result of the heartbleed vulnerability.

By default, this cookbook will cause chef-client to rekey itself every 24 hours. This can be adjusted with the attribute node['client-rekey']['interval'], which is the maximum allowed age of the client key in seconds.

The library in this cookbook will honor the client configuration setting local_key_generation. If set to true in the client.rb configuration file, the private key will be generated locally and only the public key will travel over the wire. This requires a Chef 11 server.


If you use chef-vault or any other code that uses your client's keys, you'll need to re-encrypt your data each time you rekey.

Supported Platforms

This is expected to work on all platforms that chef-client supports.


node['client-rekey']['interval']: This recipe uses the mtime of your client.pem to determine when it was last updated. If the difference between now and the file's mtime is greater than this interval setting, your client key will be regenerated.



Include client-rekey in your node's run_list:

  "run_list": [


  1. Fork the repository on Github
  2. Create a named feature branch (i.e. add-new-recipe)
  3. Write you change
  4. Write tests for your change (if applicable)
  5. Run the tests, ensuring they all pass
  6. Submit a Pull Request

License & Authors

Copyright:: 2009-2015, Chef Software, Inc

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and
limitations under the License.

client-rekey Cookbook CHANGELOG

This file is used to list changes made in each version of the client-rekey cookbook.

0.3.0 (2017-04-20)

  • Resolve Cookstyle warnings
  • Changed to Chef::ServerAPI from Chef::REST as Chef::REST is deprecated when on Chef > 12.7
  • Switch testing to delivery local from Rake
  • Use a standardized license string in the metadata
  • Add chef_version metadata
  • Add supports metadata


  • Make API call Chef 10 compat
  • Added travis and cookbook version badges to the readme
  • Updated chefignore and .gitignore files
  • Updated platforms in the Test Kitchen config
  • Added standard Rubocop file
  • Added Travis CI testing
  • Removed yum from Berksfile and removed version constraint on Apt
  • Added contributing and testing docs
  • Updated Gemfile with testing deps
  • Added and maintainers.toml
  • Added rakefile for simplified testing
  • Added source_url and issues_url metadata
  • Added basic Chefspec convergence test
  • Updated Berksfile with testing deps
  • Updated Opscode -> Chef Software
  • Resolved multiple rubocop warnings


Initial release of client-rekey

  • Enhancements

    • an enhancement
  • Bug Fixes

    • a bug fix

Collaborator Number Metric

0.3.0 passed this metric

Contributing File Metric

0.3.0 passed this metric

Foodcritic Metric

0.3.0 passed this metric

No Binaries Metric

0.3.0 passed this metric

Publish Metric

0.3.0 failed this metric

client-rekey is deprecated

Supported Platforms Metric

0.3.0 passed this metric

Testing File Metric

0.3.0 passed this metric

Version Tag Metric

0.3.0 passed this metric