Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms


ssl-key-vault (10) Versions 0.3.0

SSL key & certificate storage in chef-vault

cookbook 'ssl-key-vault', '= 0.3.0'
cookbook 'ssl-key-vault', '= 0.3.0', :supermarket
knife supermarket install ssl-key-vault
knife supermarket download ssl-key-vault
Quality 78%

ssl-key-vault cookbook

This cookbook manages OpenSSL key pairs, using chef-vault to share and store private keys.

This cookbook's home is at



  1. Generate a self-signed key or a secret key and certificate.
  2. Store the private key in chef-vault. The name should be set to

    $ ruby -rjson -e 'puts JSON[Hash[Hash[*ARGV].map { |k,v| [k,] }]]' -- \
        chain.pem \
        crt \
        csr \
        key \
        pem \
    $ knife encrypt create certs --mode client \
      --search 'QUERY' --admins '' \
      --name ssl-key-example_com \
      --json /path/to/

    Either add Chef server's admin API users to the --admins, or make the key otherwise accessible to yourself in future (e.g. with knife-briefcase).

  3. Add the certificate to node's ssl_certificates attribute (key is key's name, and value is full certificate):

default_attributes :ssl_certificates => {
  '' => true
  1. Add recipe[ssl-key-vault] to node's run list.

The key will be stored in /etc/ssl/private/, and certificate in /etc/ssl/certs/

TODOs & questions

I don't have much of idea currently how to add tests, with chef-vault, encrypted data bags, and such.


Author: Maciej Pasternacki

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Change History


  • Drop chef_gem, use gem in metadata, require chef 12.8+


  • Merge #1 (@raoulwissink)


  • Fix bugs


  • Moved rake task to files/ to have it packaged


  • Sample Rake snippet (NFY)


  • Cleanups


  • Support multiple certificate files (for separate CA path file)


  • Add default empty node['ssl_certificates']


  • Initial release

Collaborator Number Metric

0.3.0 failed this metric

Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric

0.3.0 passed this metric

Foodcritic Metric

0.3.0 passed this metric

License Metric

0.3.0 passed this metric

No Binaries Metric

0.3.0 passed this metric

Publish Metric

0.3.0 passed this metric

Supported Platforms Metric

0.3.0 passed this metric

Testing File Metric

0.3.0 passed this metric

Version Tag Metric

0.3.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of, and your repo must include a tag that matches this cookbook version number