cookbook 'ssl-key-vault', '= 0.3.0', :supermarket
SSL key & certificate storage in chef-vault
cookbook 'ssl-key-vault', '= 0.3.0'
knife supermarket install ssl-key-vault
knife supermarket download ssl-key-vault
ssl-key-vault cookbook
This cookbook manages OpenSSL key pairs, using chef-vault to share and store private keys.
This cookbook's home is at https://github.com/3ofcoins/ssl-key-vault/
Requirements
Usage
- Generate a self-signed key or a secret key and certificate.
- Store the private key in chef-vault. The name should be set to ssl-key-key.name:
  $ ruby -rjson -e 'puts JSON[Hash[Hash[*ARGV].map { |k,v| [k, File.read(v)] }]]' -- \
      chain.pem example.com.chain.pem \
      crt example.com.crt \
      csr example.com.csr \
      key example.com.key \
      pem example.com.pem \
      > example.com.json
  $ knife encrypt create certs --mode client \
      --search 'QUERY' --admins '' \
      --name ssl-key-example_com \
      --json /path/to/example.com.json
  Either add Chef server's admin API users to --admins, or make the key otherwise accessible to yourself in future (e.g. with knife-briefcase).
- Add the certificate to node's ssl_certificates attribute (key is key's name, and value is full certificate):
  default_attributes :ssl_certificates => {
    'example.com' => true
  }
- Add recipe[ssl-key-vault] to node's run list.
The key will be stored in /etc/ssl/private/key.name.key, and certificate in /etc/ssl/certs/key.name.pem.
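A pre-flight check for the bundle built in the second step, as an added example that is not part of the cookbook: it confirms that the key and crt fields belong together and that the certificate has not expired before the JSON is handed to knife encrypt create. The helper names sample_pair and bundle_problems are hypothetical, and the key pair is a constructed throwaway generated in memory.

```ruby
require 'json'
require 'openssl'

# Constructed sample input: a throwaway self-signed pair generated in memory,
# standing in for example.com.key / example.com.crt from the first step.
def sample_pair(common_name, days = 30)
  key = OpenSSL::PKey::RSA.new(2048)
  crt = OpenSSL::X509::Certificate.new
  crt.version = 2
  crt.serial = 1
  crt.subject = crt.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  crt.public_key = key.public_key
  crt.not_before = Time.now - 60
  crt.not_after = Time.now + days * 86_400
  crt.sign(key, OpenSSL::Digest.new('SHA256'))
  [key.to_pem, crt.to_pem]
end

# Hypothetical helper: lists the problems found in a bundle hash that uses the
# same field names as the JSON built above ('key' and 'crt').
def bundle_problems(bundle, now = Time.now)
  key = OpenSSL::PKey.read(bundle.fetch('key'))
  crt = OpenSSL::X509::Certificate.new(bundle.fetch('crt'))
  # check_private_key needs a private key, so stop early on a public-only one.
  return ['key is not a private key'] unless key.private?

  problems = []
  problems << 'crt does not match key' unless crt.check_private_key(key)
  problems << 'crt is expired' if crt.not_after < now
  problems
end

if __FILE__ == $PROGRAM_NAME
  key_pem, crt_pem = sample_pair('example.com')
  bundle = { 'crt' => crt_pem, 'key' => key_pem }
  problems = bundle_problems(bundle)
  if problems.empty?
    # The private key goes only to stdout; redirect it to example.com.json.
    puts JSON.generate(bundle)
  else
    abort "refusing to write bundle: #{problems.join(', ')}"
  end
end
```
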
TODOs & questions
I don't have much of an idea currently how to add tests, with chef-vault, encrypted data bags, and such.
Author
Author: Maciej Pasternacki maciej@3ofcoins.net
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Change History
0.3.0
- Drop chef_gem, use gem in metadata, require chef 12.8+
0.2.4
- Merge #1 (@raoulwissink)
0.2.3
- Fix bugs
0.2.2
- Moved rake task to files/ to have it packaged
0.2.1
- Sample Rake snippet (NFY)
0.2.0
- Cleanups
0.1.2
- Support multiple certificate files (for separate CA path file)
0.1.1
- Add default empty node['ssl_certificates']
0.1.0
- Initial release
Collaborator Number Metric
0.3.0 failed this metric
Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.3.0 passed this metric
Foodcritic Metric
0.3.0 passed this metric
License Metric
0.3.0 passed this metric
No Binaries Metric
0.3.0 passed this metric
Publish Metric
0.3.0 passed this metric
Supported Platforms Metric
0.3.0 passed this metric
Testing File Metric
0.3.0 passed this metric
Version Tag Metric
0.3.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number