Module: Desviar

Defined in:
lib/auth.rb,
lib/model.rb,
lib/desviar.rb,
lib/encrypt.rb,
lib/version.rb,
lib/desviar/client.rb

Overview

An EncryptedDataBagItem represents a read-only data bag item where all values, except for the value associated with the id key, have been encrypted.

EncryptedDataBagItem can be used in recipes to decrypt data bag item members.

Data bag item values are assumed to have been encrypted using the default symmetric encryption provided by Encryptor.encrypt where values are converted to YAML prior to encryption.

If the shared secret is not specified at initialization or load, then the contents of the file referred to in Chef::Config will be used as the secret. The default path is /etc/chef/encrypted_data_bag_secret.

EncryptedDataBagItem is intended to provide a means to avoid storing data bag items in the clear on the Chef server. This provides some protection against a breach of the Chef server or of Chef server backup data. Because the secret must be stored in the clear on any node needing access to an EncryptedDataBagItem, this approach provides no protection of data bag items from actors with access to such nodes in the infrastructure.
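The scheme described above, as an added sketch that is not Desviar's or Chef's own code: every value except the one under the id key is converted to YAML and encrypted under a shared secret. The cipher (AES-256-GCM keyed with SHA-256 of the secret), the helper names and the sample item are assumptions, since the page does not name the algorithm.

```ruby
require "openssl"
require "yaml"
require "base64"

# Assumption: AES-256-GCM keyed with SHA-256(secret) stands in for the
# "default symmetric encryption"; the page does not name the cipher.
def derive_key(secret)
  OpenSSL::Digest::SHA256.digest(secret)
end

# Serialize the value to YAML, then encrypt it: iv (12) + tag (16) + ciphertext.
def encrypt_value(value, secret)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = derive_key(secret)
  iv = cipher.random_iv
  ciphertext = cipher.update(YAML.dump(value)) + cipher.final
  Base64.strict_encode64(iv + cipher.auth_tag + ciphertext)
end

# Raises OpenSSL::Cipher::CipherError when the secret is wrong or the blob was altered.
def decrypt_value(blob, secret)
  raw = Base64.strict_decode64(blob)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = derive_key(secret)
  cipher.iv = raw[0, 12]
  cipher.auth_tag = raw[12, 16]
  plain = cipher.update(raw[28..-1]) + cipher.final
  YAML.safe_load(plain.force_encoding("UTF-8"))
end

# Every value except the one under "id" is encrypted, so the item stays addressable.
def encrypt_item(item, secret)
  item.to_h { |k, v| [k, k == "id" ? v : encrypt_value(v, secret)] }
end

def decrypt_item(item, secret)
  item.to_h { |k, v| [k, k == "id" ? v : decrypt_value(v, secret)] }
end

# Constructed sample item and secret (not real credentials).
SAMPLE_ITEM = { "id" => "db", "password" => "s3cr3t",
                "conn" => { "user" => "app", "port" => 5432 } }.freeze
SAMPLE_SECRET = "constructed-shared-secret"

if __FILE__ == $PROGRAM_NAME
  stored = encrypt_item(SAMPLE_ITEM, SAMPLE_SECRET)
  puts stored.to_yaml                               # what a server breach exposes
  puts decrypt_item(stored, SAMPLE_SECRET).inspect  # what a node holding the secret sees
end
```

The second `puts` is the limitation the overview states: any process that can read the secret on a node recovers every value.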

Defined Under Namespace

Modules: Model

Classes: Auth, Authorized, Client, EncryptedItem, Public

Constant Summary

VERSION = "0.0.18"
RELEASE = "2013-08-04"
TIMESTAMP = "2013-08-04 22:38:12 -07:00"

Class Method Summary

Class Method Details

.info ⇒ Object

# File 'lib/version.rb', line 6

def self.info
  "#{name} v#{VERSION} (#{RELEASE})"
end

.to_h ⇒ Object

# File 'lib/version.rb', line 10

def self.to_h
  { :name      => name,
    :version   => VERSION,
    :release   => RELEASE,
    :timestamp => TIMESTAMP,
    :info      => info }
end