
tls (16) Versions 1.0.1

Deploy TLS certificates

cookbook 'tls', '= 1.0.1', :supermarket
cookbook 'tls', '= 1.0.1'
knife supermarket install tls
knife supermarket download tls
Quality 50%


Chef cookbook to deploy SSL/TLS certificates on the system. Data is stored in an encrypted data bag whose name is specified in the attribute node['tls']['data_bag_name'] (by default tls). The data bag item name matches the node.chef_environment value.

All files will be placed under the directory specified in attribute node['tls']['base_dir'] (by default /etc/chef-tls).

The default recipe tls::default creates the base directory in which files are stored. Certificates are deployed with the tls_certificate resource. For example:

# Deploy the certificate, private key and SCTs stored for this domain
tls_certificate 'www.domain.tld' do
  action :deploy
end

Encrypted data bag format is as follows:

{
  "id": "development",
  "certificates": [
    {
      "domains": [ // Domain list
        "www.domain.tld"
      ],
      "chain": [ // Certificate chain (from leaf to root, PEM encoded, new lines should be escaped)
        "-----BEGIN CERTIFICATE-----\nMIIFNjCC........4PcGNXXA\n-----END CERTIFICATE-----",
        "-----BEGIN CERTIFICATE-----\nMIIEkjCC........NFu0Qg==\n-----END CERTIFICATE-----"
      ],
      "private_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIB........8tt8JA==\n-----END RSA PRIVATE KEY-----", // Certificate private key (PEM encoded, new lines should be escaped)
      "hpkp_pins": [ // HPKP pins (base64 encoded)
        "........"
      ],
      "scts": { // SCTs (base64 encoded)
        "google_aviator": "AGj2mPgf........3nYNtNU=",
        "google_pilot": "AKS5CZC0........RnySxdE=",
        "google_rocketeer": "AO5Lvbd1........bdC+zlI="
      }
    }
  ]
}
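
A pre-flight check for one entry of the certificates array, run before the item is encrypted and uploaded. This is an added example, not part of the cookbook: it confirms that the private key matches the leaf, that the chain runs from leaf to root, and that at least one HPKP pin (base64 of the SHA-256 of the SubjectPublicKeyInfo, per RFC 7469) matches a key in the chain. The names check_tls_entry, make_cert and sample_entry are hypothetical, and the sample certificates are constructed in memory.

```ruby
require 'openssl'
require 'base64'

# Returns a list of problems for one "certificates" entry; empty means consistent.
def check_tls_entry(entry)
  problems = []
  chain = entry['chain'].map { |pem| OpenSSL::X509::Certificate.new(pem) }
  key = OpenSSL::PKey.read(entry['private_key'])
  problems << 'private_key does not match leaf certificate' unless chain.first.check_private_key(key)
  # Leaf-to-root order: every certificate must be signed by the one after it.
  chain.each_cons(2) do |cert, issuer|
    problems << "chain order broken at #{cert.subject}" unless cert.verify(issuer.public_key)
  end
  # RFC 7469 pin for each certificate in the chain.
  spki_pins = chain.map { |c| Base64.strict_encode64(OpenSSL::Digest::SHA256.digest(c.public_key.to_der)) }
  pins = entry.fetch('hpkp_pins', [])
  problems << 'no hpkp_pins value matches a key in the chain' unless pins.empty? || (pins & spki_pins).any?
  problems
end

# Constructed sample data: builds a throwaway certificate (self-signed unless an issuer is given).
def make_cert(common_name, key, issuer_cert = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest::SHA256.new)
end

# Constructed sample entry in the data bag layout shown above (SCTs omitted).
def sample_entry
  ca_key = OpenSSL::PKey::RSA.new(2048)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert('Example Test CA', ca_key)
  leaf = make_cert('www.domain.tld', leaf_key, ca, ca_key)
  pin = Base64.strict_encode64(OpenSSL::Digest::SHA256.digest(leaf.public_key.to_der))
  { 'domains' => ['www.domain.tld'], 'chain' => [leaf.to_pem, ca.to_pem],
    'private_key' => leaf_key.to_pem, 'hpkp_pins' => [pin] }
end

puts check_tls_entry(sample_entry).inspect if __FILE__ == $PROGRAM_NAME
```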

Different software (e.g. Nginx, Postfix) will require the paths to the deployed certificates, private keys and SCTs. To obtain these paths, use the ChefCookbook::TLS helper in your recipes. Below is an example:

tls_item = 'www.domain.tld'

tls_item.certificate_path  # Get path to the certificate
tls_item.certificate_private_key_path  # Get path to the certificate's private key
tls_item.scts_dir  # Get path to the folder with deployed SCTs
tls_item.hpkp_pins  # Get array of HPKP pins


MIT @ Alexander Pyatkin

Collaborator Number Metric

1.0.1 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Foodcritic Metric

1.0.1 passed this metric