First, generate a password to be used as a shared key. Enter the following command line, which generates a 512-byte random key and saves it to the file encrypted_data_bag_secret:

$ openssl rand -base64 512 | tr -d '\r\n' > encrypted_data_bag_secret

When symmetric key encryption is used, the password is typically a random key generated by a machine instead of a human, so we used the openssl tool to generate a 512-byte random key. To represent the binary data contained in the key as an ASCII string, we tell openssl to use base64 encoding. Further, since by default the output of openssl contains linefeeds, which are different depending on the platform, we use the translate (tr) command to remove any linefeed characters from the secret key. Removing linefeed characters ensures that the bytes in the random key will be the same even if the platform is different.
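
A check one might run on the resulting file before copying it to other machines, as an added example that is not from the book: the hypothetical helpers check_secret and fingerprint confirm that a file has no CR/LF bytes and decodes to 512 bytes, and show that the same key wrapped with LF or CRLF hashes differently. It assumes GNU coreutils (base64, sha256sum) and builds its constructed sample keys from /dev/urandom rather than openssl.

```shell
#!/bin/sh
# Added example, not from the book: sanity-check a shared secret file before
# copying it to other machines. check_secret and fingerprint are hypothetical names.

# check_secret FILE [BYTES]: returns 0 only if FILE has no CR/LF bytes and
# base64-decodes to exactly BYTES bytes (default 512, the size used above).
check_secret() {
    file=$1
    want=${2:-512}
    rc=0
    [ -r "$file" ] || { echo "FAIL $file: not readable"; return 2; }
    # Count CR and LF bytes by deleting every other byte.
    eol=$(tr -cd '\r\n' < "$file" | wc -c)
    if [ "$eol" -ne 0 ]; then
        echo "FAIL $file: $eol CR/LF byte(s); content depends on line-ending style"
        rc=1
    fi
    # Decode with line endings stripped so a size problem is reported separately.
    got=$(tr -d '\r\n' < "$file" | base64 -d 2>/dev/null | wc -c)
    if [ "$got" -ne "$want" ]; then
        echo "FAIL $file: decodes to $got bytes, expected $want"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK   $file: single line, $got key bytes"
    return "$rc"
}

# fingerprint FILE: SHA-256 of the exact file bytes. Comparing this value on
# two machines confirms both hold the same secret without displaying it.
fingerprint() {
    sha256sum < "$1" | cut -d' ' -f1
}

# Constructed sample input: 512 random bytes, base64-wrapped the way a default
# encoder emits them, then the same text with LF, with CRLF, and stripped.
demo=$(mktemp -d)
head -c 512 /dev/urandom | base64 > "$demo/wrapped_lf"
awk '{printf "%s\r\n", $0}' "$demo/wrapped_lf" > "$demo/wrapped_crlf"
tr -d '\r\n' < "$demo/wrapped_lf" > "$demo/stripped"

for f in wrapped_lf wrapped_crlf stripped; do
    check_secret "$demo/$f" || true
    echo "     sha256 $(fingerprint "$demo/$f")"
done
rm -rf "$demo"
```

Only the stripped file passes, and the three fingerprints differ even though all three files encode the same 512 bytes.
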

For some test data, let's create a .json file that contains the API key to access our credit card payment system. This is definitely something we want to keep from prying eyes. In addition to the required id: field, we'll add an api_key field to store the API key.

First, create a new directory under chef-playground/data_bags to hold our api_keys data bag.

Linux/Mac OS X:
$ mkdir -p data_bags/api_keys

Windows:
> mkdir data_bags\api_keys

Now create the file chef-playground/data_bags/api_keys/payment_system.json by using the code provided in Example 13-6.

Example 13-6. chefdk/chef-playground/data_bags/api_keys/payment.json
{
  "id": "payment",
  "api_key": "592c879e-f37d-43e6-8b54-8c2d97cf04d4"
}