cookbook 'gitlab-attributes-with-secrets', '~> 0.1.0'
Library for working with vault secrets
cookbook 'gitlab-attributes-with-secrets', '~> 0.1.0', :supermarket
knife supermarket install gitlab-attributes-with-secrets
knife supermarket download gitlab-attributes-with-secrets
gitlab-attributes-with-secrets-cookbook
Overwrite node attributes with values from a Chef Vault item at run time.
Usage
Suppose your recipe's attributes are in node['my-cookbook']['my-recipe']. You
want to store some of the attributes in a Chef Vault called 'my-vault' (with
item 'my-item') instead of in the node attributes. At the start of your
recipe, write:
chef_gem 'chef-vault'
require 'chef-vault'
my_recipe_conf = GitLab::AttributesWithSecrets.get(node, 'my-cookbook', 'my-recipe')
You now have a hash my_recipe_conf which you can use wherever you would
otherwise write node['my-cookbook']['my-recipe']. At run time, this hash will
contain a mix of regular attributes and secrets.
In the Chef role applied to your nodes that should see the secrets, specify
which vault and vault item to use.
{
  "my-cookbook": {
    "my-recipe": {
      "not_secret": "everybody is allowed to see this",
      "chef_vault": "my-vault",
      "chef_vault_item": "my-item"
    }
  }
}
In your Chef Vault item, you can just mirror the structure of your node
attributes. Note that the 'id' field is used by Chef Vault itself.
{
  "id": "my-item",
  "my-cookbook": {
    "my-recipe": {
      "secret": "need to know only"
    }
  }
}
Then at run time, the my_recipe_conf hash will look like:
{
  "my-cookbook": {
    "my-recipe": {
      "not_secret": "everybody is allowed to see this",
      "secret": "need to know only",
      "chef_vault": "my-vault",
      "chef_vault_item": "my-item"
    }
  }
}
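The overlay described above, as an added Ruby sketch that is not the cookbook's own code: it returns the merged recipe-level hash together with the keys that came from the vault, so the secrets can be masked before the hash is logged. The names merge_vault_secrets, redact and the vault_loader callable are hypothetical, and the vault lookup is stubbed with constructed data so the example runs without a Chef server.

```ruby
# Added illustration; not the cookbook's source. merge_vault_secrets,
# redact and the vault_loader callable are hypothetical names.

# Recursively overlay `overlay` on `base`; on a conflict the overlay wins.
def deep_merge(base, overlay)
  base.merge(overlay) do |_key, old, new|
    old.is_a?(Hash) && new.is_a?(Hash) ? deep_merge(old, new) : new
  end
end

# Returns [merged_conf, secret_keys] for attrs[cookbook][recipe].
# vault_loader.call(vault, item) must return the decrypted item as a Hash;
# in a real recipe that would be a Chef Vault lookup.
def merge_vault_secrets(attrs, cookbook, recipe, vault_loader)
  conf = attrs.fetch(cookbook, {}).fetch(recipe, {})
  vault, item = conf['chef_vault'], conf['chef_vault_item']
  return [conf.dup, []] unless vault && item # node was not pointed at a vault

  decrypted = vault_loader.call(vault, item)
  # 'id' belongs to Chef Vault; only the mirrored subtree is merged.
  secrets = decrypted.fetch(cookbook, {}).fetch(recipe, {})
  [deep_merge(conf, secrets), secrets.keys]
end

# Copy of conf that is safe to log: vault-sourced values are masked.
def redact(conf, secret_keys)
  conf.to_h { |k, v| [k, secret_keys.include?(k) ? '[REDACTED]' : v] }
end

# Constructed sample data mirroring the README's role and vault item.
ROLE_ATTRS = {
  'my-cookbook' => { 'my-recipe' => {
    'not_secret' => 'everybody is allowed to see this',
    'chef_vault' => 'my-vault', 'chef_vault_item' => 'my-item'
  } }
}.freeze
VAULT_ITEM = {
  'id' => 'my-item',
  'my-cookbook' => { 'my-recipe' => { 'secret' => 'need to know only' } }
}.freeze
FAKE_VAULT = ->(vault, item) { [vault, item] == %w[my-vault my-item] ? VAULT_ITEM : {} }

if $PROGRAM_NAME == __FILE__
  conf, secret_keys = merge_vault_secrets(ROLE_ATTRS, 'my-cookbook', 'my-recipe', FAKE_VAULT)
  puts redact(conf, secret_keys).inspect
end
```

Because the merged hash holds decrypted values, keep it in a local variable and pass only the redacted copy to log output.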
License and Authors
Author:: GitLab B.V. (jacob@gitlab.com)
MIT license
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
0.1.0
Initial release of gitlab-attributes-with-secrets
Collaborator Number Metric
0.1.0 failed this metric
Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.1.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.1.0 failed this metric
FC064: Ensure issues_url is set in metadata: gitlab-attributes-with-secrets/metadata.rb:1
FC065: Ensure source_url is set in metadata: gitlab-attributes-with-secrets/metadata.rb:1
FC066: Ensure chef_version is set in metadata: gitlab-attributes-with-secrets/metadata.rb:1
FC067: Ensure at least one platform supported in metadata: gitlab-attributes-with-secrets/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
0.1.0 passed this metric
Testing File Metric
0.1.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.1.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number