Module: Chef::DSL::Secret

Included in:
Universal
Defined in:
lib/chef/dsl/secret.rb

Instance Method Details

#secret(name: nil, version: nil, service: nil, config: {}) ⇒ Object

Helper method which looks up a secret using the given service and configuration, and returns the retrieved secret value. This DSL provides a wrapper around [Chef::SecretFetcher].

Use of the secret helper in the context of a resource block will automatically mark that resource as 'sensitive', preventing resource data from being logged. See [Chef::Resource#sensitive].

See individual fetcher documentation to know what to expect for a given service.

This example uses the built-in :example secret manager service, which accepts a hash of secrets.

value = secret(name: "test1", service: :example, config: { "test1" => "value1" })
log "My secret is #{value}"

value = secret(name: "test1", service: :aws_secrets_manager, version: "v1", config: { region: "us-west-1" })
log "My secret is #{value}"

Parameters:

  • name (Hash) (defaults to: nil)

    a customizable set of options

  • version (Hash) (defaults to: nil)

    a customizable set of options

  • service (Hash) (defaults to: nil)

    a customizable set of options

  • config (Hash) (defaults to: {})

    a customizable set of options

Options Hash (name:):

  • (Object)

    The identifier or name for this secret

Options Hash (version:):

  • (Object)

    The secret version. If a service supports versions and no version is provided, the latest version will be fetched.

Options Hash (service:):

  • (Symbol)

    The service identifier for the service that will perform the secret lookup. See Chef::SecretFetcher::SECRET_FETCHERS

Options Hash (config:):

  • (Hash)

    The configuration that the named service expects


# File 'lib/chef/dsl/secret.rb', line 52

def secret(name: nil, version: nil, service: nil, config: {})
  Chef::Log.warn <<~EOM.gsub("\n", " ")
    The secrets Chef Infra language helper is currently in beta. If you have feedback or you would
    like to be part of the future design of this helper e-mail us at [email protected]"
  EOM
  sensitive(true) if is_a?(Chef::Resource)
  Chef::SecretFetcher.for_service(service, config, run_context).fetch(name, version)
end
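
The `is_a?(Chef::Resource)` guard in the source above only fires when the helper is called with a resource as `self`, so a value fetched at recipe scope and passed into a resource afterwards leaves that resource unmarked. The following is an added example, not Chef's code: `SecretDSL`, `Resource`, `Recipe`, `STORE` and `demo` are hypothetical stand-ins that model only that guard in plain Ruby, with a constructed sample value.

```ruby
# Stand-in classes (hypothetical, not Chef's own). They model only the
# `sensitive(true) if is_a?(Chef::Resource)` guard from the source above.
module SecretDSL
  def secret(name:, config: {})
    sensitive(true) if is_a?(Resource) # same guard as the helper
    config.fetch(name)                 # models the :example service lookup
  end
end

class Resource
  include SecretDSL
  attr_reader :name

  def initialize(name, &block)
    @name = name
    @sensitive = false
    instance_eval(&block) if block     # block body runs with self = resource
  end

  def sensitive(value = nil)
    @sensitive = value unless value.nil?
    @sensitive
  end

  def content(value = nil)
    @content = value unless value.nil?
    @content
  end

  # What a log line for this resource would contain in this model.
  def to_log
    "#{name}: #{sensitive ? '(suppressed sensitive resource)' : content}"
  end
end

class Recipe
  include SecretDSL
  def file(name, &block)
    Resource.new(name, &block)
  end
end

STORE = { "db_password" => "constructed-sample-value" }.freeze # constructed

def demo
  recipe = Recipe.new
  value = recipe.secret(name: "db_password", config: STORE) # self is a Recipe
  unmarked = recipe.file("/tmp/unmarked.conf") { content(value) }
  marked = recipe.file("/tmp/marked.conf") { content(secret(name: "db_password", config: STORE)) }
  [unmarked, marked]
end
```

In this model `demo` returns one resource whose log line still carries the value and one whose log line is suppressed; for the recipe-scope pattern, setting `sensitive true` on the consuming resource explicitly closes the gap.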