I have an application I'd like to provision a VPS server for using Chef. My application uses a file that sets up environment variables containing secure API keys for various third party services. I could just manually add this to the server, but it seems like something I should automate with Chef. However, I plan on keeping my "kitchen", or set of cookbooks for provisioning the application server, in a Git repo. I don't want to add these API keys to the repo. What's the best way to keep these out of the kitchen's repo but available to Chef for provisioning?
Use chef-vault!
It uses the PKI that you already have through Chef Client's certificates and is way more flexible and easier to manage than encrypted data bags.
There's also a very detailed post by Joshua Timberman entitled Managing Secrets with Chef Vault.
この記事はインターネットから収集されたものであり、転載の際にはソースを示してください。
侵害の場合は、連絡してください[email protected]
コメントを追加