chef-vault 1.2.5 → 2.0.1.pre
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +15 -0
- data/Changelog.md +17 -0
- data/KNIFE_EXAMPLES.md +169 -0
- data/README.md +83 -106
- data/bin/chef-vault +25 -19
- data/lib/chef-vault.rb +17 -9
- data/lib/chef-vault/certificate.rb +7 -28
- data/lib/chef-vault/chef_patch/api_client.rb +40 -0
- data/lib/chef-vault/chef_patch/user.rb +33 -0
- data/lib/chef-vault/exceptions.rb +27 -0
- data/lib/chef-vault/item.rb +243 -0
- data/lib/chef-vault/item_keys.rb +121 -0
- data/lib/chef-vault/user.rb +7 -28
- data/lib/chef-vault/version.rb +1 -1
- data/lib/chef/knife/Decrypt.rb +64 -0
- data/lib/chef/knife/encrypt_create.rb +91 -0
- data/lib/chef/knife/encrypt_delete.rb +62 -0
- data/lib/chef/knife/encrypt_remove.rb +100 -0
- data/lib/chef/knife/encrypt_rotate_keys.rb +62 -0
- data/lib/chef/knife/encrypt_update.rb +90 -0
- data/lib/{chef-vault/chef/offline.rb → chef/knife/mixin/compat.rb} +15 -11
- data/lib/chef/knife/mixin/helper.rb +50 -0
- data/spec/chef-vault_spec.rb +19 -30
- data/spec/item_keys_spec.rb +29 -0
- data/spec/item_spec.rb +33 -0
- metadata +23 -21
- data/lib/chef/knife/DecryptCert.rb +0 -59
- data/lib/chef/knife/DecryptPassword.rb +0 -58
- data/lib/chef/knife/EncryptCert.rb +0 -185
- data/lib/chef/knife/EncryptPassword.rb +0 -182
- data/lib/chef/knife/compat.rb +0 -71
checksums.yaml
ADDED
@@ -0,0 +1,15 @@
|
|
1
|
+
---
|
2
|
+
!binary "U0hBMQ==":
|
3
|
+
metadata.gz: !binary |-
|
4
|
+
ZDkwMDZmNWZlMDY5MTBlMTAxZWE1ZGJjODg3OGY3OWM3YmQ1NzA5Mw==
|
5
|
+
data.tar.gz: !binary |-
|
6
|
+
NzhlNzg3NzVjNGMzMTEyNDdhOTNkNDU3ODhlOGY3ZTMxZWY0OTc5Nw==
|
7
|
+
!binary "U0hBNTEy":
|
8
|
+
metadata.gz: !binary |-
|
9
|
+
ZWMxNTI0YmY3NDdmYzRiM2M4Y2UxNWJiYzNmMGIzNWQ0Y2Q4ZTdlNmEwZGFm
|
10
|
+
OTZhOGIxY2MyMmZhYjBiYTE5YmNmMTgxYWU5ZjU2YjkzYmRmZDU3NTRkMGQx
|
11
|
+
ZWFjZGVkODdkZTBiNWQyNjM2YmU3N2JlYzVlMzE3ODVlOWIxN2E=
|
12
|
+
data.tar.gz: !binary |-
|
13
|
+
M2NmMzU3MjZhYjc0ZmRjYzZmZjY0ZDczNDI1MTA4MTkwN2VkZmYxNWEzYmQ2
|
14
|
+
MDg2OGUyOTcxMjA0OWU5NmRlMDczOTdmM2MyZTlhMTMzMDIzMWJhMzNlZWVj
|
15
|
+
NGNhMzBlN2I1ODIxZjdmZGE4YmExZjQ0Njc2Yjc0NmYwNjNiOGI=
|
data/Changelog.md
CHANGED
@@ -1,5 +1,22 @@
|
|
1
1
|
## Unreleased
|
2
2
|
|
3
|
+
## v2.0.0 / 2013-08-20
|
4
|
+
* Removal of knife encrypt certs
|
5
|
+
* Removal of knife encrypt passwords
|
6
|
+
* Add knife encrypt create
|
7
|
+
* Add knife encrypt update
|
8
|
+
* Add knife encrypt remove
|
9
|
+
* Add knife encrypt delete
|
10
|
+
* Add knife encrypt rotate keys
|
11
|
+
* Add knife decrypt
|
12
|
+
* Update chef-vault binary to take -v, -i, -a
|
13
|
+
* Add ChefVault::Item class
|
14
|
+
* Add ChefVault::ItemKeys class
|
15
|
+
* Modify ChefVault::User to use ChefVault::Item to maintain backwards compatability
|
16
|
+
* Modify ChefVault::Certificate to use ChefVault::Item to maintain backwards compatability
|
17
|
+
|
18
|
+
## Released
|
19
|
+
|
3
20
|
## v1.2.5 / 2013-07-22
|
4
21
|
* Update compat to be class ChefVault not module ChefVault to remove knife errors
|
5
22
|
* Allow nodes/clients to be used as Admins
|
data/KNIFE_EXAMPLES.md
ADDED
@@ -0,0 +1,169 @@
|
|
1
|
+
# knife examples
|
2
|
+
|
3
|
+
## encrypt
|
4
|
+
knife encrypt [create|update|remove|delete] [VAULT] [ITEM] [VALUES]
|
5
|
+
|
6
|
+
These are the commands that are used to take data in json format and encrypt that data into chef-vault style encrypted data bags in chef.
|
7
|
+
|
8
|
+
* Vault - This is the name of the vault in which to store the encrypted item. This is analogous to a chef data bag name
|
9
|
+
* Item - The name of the item going in to the vault. This is analogous to a chef data bag item id
|
10
|
+
* Values - This is the json clear text data to be stored in the vault encrypted. This is analogous to a chef data bag item data
|
11
|
+
|
12
|
+
### create
|
13
|
+
Creat a vault called passwords and put an item called root in it with the given values for username and password encrypted for clients role:webserver and admins admin1 & admin2
|
14
|
+
|
15
|
+
knife encrypt create passwords root "{username: 'root', password: 'mypassword'}" -S "role:webserver" -A "admin1,admin2"
|
16
|
+
|
17
|
+
Creat a vault called passwords and put an item called root in it with the given values for username and password encrypted for clients role:webserver
|
18
|
+
|
19
|
+
knife encrypt create passwords root "{username: 'root', password: 'mypassword'}" -S "role:webserver"
|
20
|
+
|
21
|
+
Creat a vault called passwords and put an item called root in it with the given values for username and password encrypted for admins admin1 & admin2
|
22
|
+
|
23
|
+
knife encrypt create passwords root "{username: 'root', password: 'mypassword'}" -A "admin1,admin2"
|
24
|
+
|
25
|
+
Note: A JSON file can be used in place of specifying the values on the command line, see global options below for details
|
26
|
+
|
27
|
+
### update
|
28
|
+
Update the values in username and password in the vault passwords and item root. Will overwrite existing values if values already exist!
|
29
|
+
|
30
|
+
knife encrypt update passwords root "{username: 'root', password: 'mypassword'}"
|
31
|
+
|
32
|
+
Update the values in username and password in the vault passwords and item root and add admin1 & admin2 to the encrypted admins. Will overwrite existing values if values already exist!
|
33
|
+
|
34
|
+
knife encrypt update passwords root "{username: 'root', password: 'mypassword'}" -A "admin1,admin2"
|
35
|
+
|
36
|
+
Update the values in username and password in the vault passwords and item root and add role:webserver to the encrypted clients. Will overwrite existing values if values already exist!
|
37
|
+
|
38
|
+
knife encrypt update passwords root "{username: 'root', password: 'mypassword'}" -S "role:webserver"
|
39
|
+
|
40
|
+
Update the values in username and password in the vault passwords and item root and add role:webserver to the encrypted clients and admin1 & admin2 to the encrypted admins. Will overwrite existing values if values already exist!
|
41
|
+
|
42
|
+
knife encrypt update passwords root "{username: 'root', password: 'mypassword'}" -S "role:webserver" -A "admin1,admin2"
|
43
|
+
|
44
|
+
Add admin1 & admin2 to encrypted admins for the vault passwords and item root.
|
45
|
+
|
46
|
+
knife encrypt update passwords root -A "admin1,admin2"
|
47
|
+
|
48
|
+
Add role:webserver to encrypted clients for the vault passwords and item root.
|
49
|
+
|
50
|
+
knife encrypt update passwords root -S "role:webserver"
|
51
|
+
|
52
|
+
Add admin1 & admin2 to encrypted admins and role:webserver to encrypted clients for the vault passwords and item root.
|
53
|
+
|
54
|
+
knife encrypt update passwords root -S "role:webserver" -A "admin1,admin2"
|
55
|
+
|
56
|
+
Note: A JSON file can be used in place of specifying the values on the command line, see global options below for details
|
57
|
+
|
58
|
+
### remove
|
59
|
+
Remove the values in username and password from the vault passwords and item root.
|
60
|
+
|
61
|
+
knife encrypt remove passwords root "{username: 'root', password: 'mypassword'}"
|
62
|
+
|
63
|
+
Remove the values in username and password from the vault passwords and item root and remove admin1 & admin2 from the encrypted admins.
|
64
|
+
|
65
|
+
knife encrypt remove passwords root "{username: 'root', password: 'mypassword'}" -A "admin1,admin2"
|
66
|
+
|
67
|
+
Remove the values in username and password from the vault passwords and item root and remove role:webserver from the encrypted clients.
|
68
|
+
|
69
|
+
knife encrypt remove passwords root "{username: 'root', password: 'mypassword'}" -S "role:webserver"
|
70
|
+
|
71
|
+
Remove the values in username and password from the vault passwords and item root and remove role:webserver from the encrypted clients and admin1 & admin2 from the encrypted admins.
|
72
|
+
|
73
|
+
knife encrypt remove passwords root "{username: 'root', password: 'mypassword'}" -S "role:webserver" -A "admin1,admin2"
|
74
|
+
|
75
|
+
Remove admin1 & admin2 from encrypted admins for the vault passwords and item root.
|
76
|
+
|
77
|
+
knife encrypt remove passwords root -A "admin1,admin2"
|
78
|
+
|
79
|
+
Remove role:webserver from encrypted clients for the vault passwords and item root.
|
80
|
+
|
81
|
+
knife encrypt remove passwords root -S "role:webserver"
|
82
|
+
|
83
|
+
Remove admin1 & admin2 from encrypted admins and role:webserver from encrypted clients for the vault passwords and item root.
|
84
|
+
|
85
|
+
knife encrypt remove passwords root -S "role:webserver" -A "admin1,admin2"
|
86
|
+
|
87
|
+
### delete
|
88
|
+
Delete the item root from the vault passwords
|
89
|
+
|
90
|
+
knife encrypt delete passwords root
|
91
|
+
|
92
|
+
### rotate keys
|
93
|
+
Rotate the shared key for the vault passwords and item root. The shared key is that which is used for the chef encrypted data bag item
|
94
|
+
|
95
|
+
knife encrypt rotate secret passwords root
|
96
|
+
|
97
|
+
### global options
|
98
|
+
<table>
|
99
|
+
<tr>
|
100
|
+
<th>Short</th>
|
101
|
+
<th>Long</th>
|
102
|
+
<th>Description</th>
|
103
|
+
<th>Default</th>
|
104
|
+
<th>Valid Values</th>
|
105
|
+
</tr>
|
106
|
+
<tr>
|
107
|
+
<td>-S SEARCH</td>
|
108
|
+
<td>--search SEARCH</td>
|
109
|
+
<td>Chef Server SOLR Search Of Nodes</td>
|
110
|
+
<td>nil</td>
|
111
|
+
<td></td>
|
112
|
+
</tr>
|
113
|
+
<tr>
|
114
|
+
<td>-A ADMINS</td>
|
115
|
+
<td>--admins ADMINS</td>
|
116
|
+
<td>Chef clients or users to be vault admins, can be comma list</td>
|
117
|
+
<td>nil</td>
|
118
|
+
<td></td>
|
119
|
+
</tr>
|
120
|
+
<tr>
|
121
|
+
<td>-M MODE</td>
|
122
|
+
<td>--mode MODE</td>
|
123
|
+
<td>Chef mode to run in</td>
|
124
|
+
<td>solo</td>
|
125
|
+
<td>"solo", "client"</td>
|
126
|
+
</tr>
|
127
|
+
<tr>
|
128
|
+
<td>-J FILE</td>
|
129
|
+
<td>--json FILE</td>
|
130
|
+
<td>json file to be used for values, will be merged with VALUES if VALUES is passed</td>
|
131
|
+
<td>nil</td>
|
132
|
+
<td></td>
|
133
|
+
</tr>
|
134
|
+
</table>
|
135
|
+
|
136
|
+
## decrypt
|
137
|
+
knife decrypt [VAULT] [ITEM] [VALUES]
|
138
|
+
|
139
|
+
These are the commands that are used to take a chef-vault encrypted item and decrypt the requested values.
|
140
|
+
|
141
|
+
* Vault - This is the name of the vault in which to store the encrypted item. This is analogous to a chef data bag name
|
142
|
+
* Item - The name of the item going in to the vault. This is analogous to a chef data bag item id
|
143
|
+
* Values - This is a comma list of values to decrypt from the vault item. This is analogous to a list of hash keys.
|
144
|
+
|
145
|
+
Decrypt the username and password for the item root in the vault passwords.
|
146
|
+
|
147
|
+
knife decrypt passwords root "username, password"
|
148
|
+
|
149
|
+
Decrypt the contents for the item user_pem in the vault certs.
|
150
|
+
|
151
|
+
knife decrypt certs user_pem "contents"
|
152
|
+
|
153
|
+
### global options
|
154
|
+
<table>
|
155
|
+
<tr>
|
156
|
+
<th>Short</th>
|
157
|
+
<th>Long</th>
|
158
|
+
<th>Description</th>
|
159
|
+
<th>Default</th>
|
160
|
+
<th>Valid Values</th>
|
161
|
+
</tr>
|
162
|
+
<tr>
|
163
|
+
<td>-M MODE</td>
|
164
|
+
<td>--mode MODE</td>
|
165
|
+
<td>Chef mode to run in</td>
|
166
|
+
<td>solo</td>
|
167
|
+
<td>"solo", "client"</td>
|
168
|
+
</tr>
|
169
|
+
</table>
|
data/README.md
CHANGED
@@ -5,14 +5,11 @@
|
|
5
5
|
|
6
6
|
## DESCRIPTION:
|
7
7
|
|
8
|
-
Gem that allows you to encrypt
|
9
|
-
a list of chef nodes. This allows only those chef nodes to decrypt the
|
10
|
-
password or certificate.
|
8
|
+
Gem that allows you to encrypt a Chef Data Bag Item using the public keys of a list of chef nodes. This allows only those chef nodes to decrypt the encrypted values.
|
11
9
|
|
12
10
|
## INSTALLATION:
|
13
11
|
|
14
|
-
Be sure you are running the latest version Chef. Versions earlier than 0.10.0
|
15
|
-
don't support plugins:
|
12
|
+
Be sure you are running the latest version Chef. Versions earlier than 0.10.0 don't support plugins:
|
16
13
|
|
17
14
|
gem install chef
|
18
15
|
|
@@ -20,130 +17,110 @@ This plugin is distributed as a Ruby Gem. To install it, run:
|
|
20
17
|
|
21
18
|
gem install chef-vault
|
22
19
|
|
23
|
-
Depending on your system's configuration, you may need to run this command with
|
24
|
-
root privileges.
|
25
|
-
|
26
|
-
## CONFIGURATION:
|
20
|
+
Depending on your system's configuration, you may need to run this command with root privileges.
|
27
21
|
|
28
22
|
## KNIFE COMMANDS:
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
23
|
+
See KNIFE_EXAMPLES.md for examples of commands
|
24
|
+
|
25
|
+
NOTE: chef-vault 1.0 knife commands are not support! Please use chef-vault 2.0 commands.
|
26
|
+
|
27
|
+
### Encrypt
|
28
|
+
|
29
|
+
knife encrypt create [VAULT] [ITEM] [VALUES]
|
30
|
+
knife encrypt update [VAULT] [ITEM] [VALUES]
|
31
|
+
knife encrypt remove [VAULT] [ITEM] [VAULES]
|
32
|
+
knife encrypt delete [VAULT] [ITEM]
|
33
|
+
knife encrypt rotate keys [VAULT] [ITEM]
|
34
|
+
|
35
|
+
<i>Global Options:</i>
|
36
|
+
<table>
|
37
|
+
<tr>
|
38
|
+
<th>Short</th>
|
39
|
+
<th>Long</th>
|
40
|
+
<th>Description</th>
|
41
|
+
<th>Default</th>
|
42
|
+
<th>Valid Values</th>
|
43
|
+
</tr>
|
44
|
+
<tr>
|
45
|
+
<td>-S SEARCH</td>
|
46
|
+
<td>--search SEARCH</td>
|
47
|
+
<td>Chef Server SOLR Search Of Nodes</td>
|
48
|
+
<td>nil</td>
|
49
|
+
<td></td>
|
50
|
+
</tr>
|
51
|
+
<tr>
|
52
|
+
<td>-A ADMINS</td>
|
53
|
+
<td>--admins ADMINS</td>
|
54
|
+
<td>Chef clients or users to be vault admins, can be comma list</td>
|
55
|
+
<td>nil</td>
|
56
|
+
<td></td>
|
57
|
+
</tr>
|
58
|
+
<tr>
|
59
|
+
<td>-M MODE</td>
|
60
|
+
<td>--mode MODE</td>
|
61
|
+
<td>Chef mode to run in</td>
|
62
|
+
<td>solo</td>
|
63
|
+
<td>"solo", "client"</td>
|
64
|
+
</tr>
|
65
|
+
<tr>
|
66
|
+
<td>-J FILE</td>
|
67
|
+
<td>--json FILE</td>
|
68
|
+
<td>json file to be used for values, will be merged with VALUES if VALUES is passed</td>
|
69
|
+
<td>nil</td>
|
70
|
+
<td></td>
|
71
|
+
</tr>
|
72
|
+
</table>
|
73
|
+
|
74
|
+
### Decrypt
|
75
|
+
|
76
|
+
knife decrypt [VAULT] [ITEM] [VALUES]
|
77
|
+
|
78
|
+
<i>Global Options:</i>
|
79
|
+
<table>
|
80
|
+
<tr>
|
81
|
+
<th>Short</th>
|
82
|
+
<th>Long</th>
|
83
|
+
<th>Description</th>
|
84
|
+
<th>Default</th>
|
85
|
+
<th>Valid Values</th>
|
86
|
+
</tr>
|
87
|
+
<tr>
|
88
|
+
<td>-M MODE</td>
|
89
|
+
<td>--mode MODE</td>
|
90
|
+
<td>Chef mode to run in</td>
|
91
|
+
<td>solo</td>
|
92
|
+
<td>"solo", "client"</td>
|
93
|
+
</tr>
|
94
|
+
</table>
|
96
95
|
|
97
96
|
## USAGE IN RECIPES
|
98
97
|
|
99
|
-
To use this gem in a recipe to decrypt data you must first install the gem
|
100
|
-
via a chef_gem resource. Once the gem is installed require the gem and then
|
101
|
-
you can create a new instance of ChefVault.
|
98
|
+
To use this gem in a recipe to decrypt data you must first install the gem via a chef_gem resource. Once the gem is installed require the gem and then you can create a new instance of ChefVault.
|
102
99
|
|
103
|
-
|
100
|
+
NOTE: chef-vault 1.0 style decryption is supported, however it has been deprecated and chef-vault 2.0 decryption should be used instead
|
104
101
|
|
105
|
-
|
106
|
-
chef_gem "chef-vault"
|
107
|
-
|
108
|
-
require 'chef-vault'
|
109
|
-
|
110
|
-
vault = ChefVault.new("passwords")
|
111
|
-
user = vault.user("mysql_user")
|
112
|
-
password = user.decrypt_password
|
113
|
-
```
|
114
|
-
|
115
|
-
### Example Code (certificate)
|
102
|
+
### Example Code
|
116
103
|
|
117
104
|
```ruby
|
118
105
|
chef_gem "chef-vault"
|
119
106
|
|
120
107
|
require 'chef-vault'
|
121
108
|
|
122
|
-
|
123
|
-
|
124
|
-
contents = cert.decrypt_contents
|
109
|
+
item = ChefVault::Item.load("passwords", "root")
|
110
|
+
item["password"]
|
125
111
|
```
|
126
112
|
|
127
113
|
## USAGE STAND ALONE
|
128
114
|
|
129
|
-
`chef-vault` can be used a stand alone binary to decrypt values stored in Chef.
|
130
|
-
It requires that Chef is installed on the system and that you have a valid
|
131
|
-
knife.rb. This is useful if you want to mix `chef-vault` into non-Chef recipe
|
132
|
-
code, for example some other script where you want to protect a password.
|
115
|
+
`chef-vault` can be used as a stand alone binary to decrypt values stored in Chef. It requires that Chef is installed on the system and that you have a valid knife.rb. This is useful if you want to mix `chef-vault` into non-Chef recipe code, for example some other script where you want to protect a password.
|
133
116
|
|
134
|
-
It does still require that the data bag has been encrypted for the user's or
|
135
|
-
client's pem and pushed to the Chef server. It mixes Chef into the gem and
|
136
|
-
uses it to go grab the data bag.
|
117
|
+
It does still require that the data bag has been encrypted for the user's or client's pem and pushed to the Chef server. It mixes Chef into the gem and uses it to go grab the data bag.
|
137
118
|
|
138
119
|
Do `chef-vault --help` for all available options
|
139
120
|
|
140
121
|
### Example usage (password)
|
141
122
|
|
142
|
-
|
143
|
-
|
144
|
-
### Example usage (certificate)
|
145
|
-
|
146
|
-
chef-vault -c wildcard_domain_com -k /etc/chef/knife.rb
|
123
|
+
chef-vault -v passwords -i root -a password -k /etc/chef/knife.rb
|
147
124
|
|
148
125
|
## License and Author:
|
149
126
|
|
data/bin/chef-vault
CHANGED
@@ -28,19 +28,26 @@ options_config = {
|
|
28
28
|
default: "/etc/chef/knife.rb",
|
29
29
|
optional: false
|
30
30
|
},
|
31
|
-
|
32
|
-
short: "
|
33
|
-
long: "
|
34
|
-
description: "
|
31
|
+
vault: {
|
32
|
+
short: "v",
|
33
|
+
long: "vault",
|
34
|
+
description: "Vault to look in",
|
35
35
|
default: nil,
|
36
|
-
optional:
|
36
|
+
optional: false
|
37
37
|
},
|
38
|
-
|
39
|
-
short: "
|
40
|
-
long: "
|
41
|
-
description: "
|
38
|
+
item: {
|
39
|
+
short: "i",
|
40
|
+
long: "item",
|
41
|
+
description: "Item to decrypt in vault",
|
42
|
+
default: nil,
|
43
|
+
optional: false
|
44
|
+
},
|
45
|
+
values: {
|
46
|
+
short: "a",
|
47
|
+
long: "vaules",
|
48
|
+
description: "Values of item to decrypt in vault",
|
42
49
|
default: nil,
|
43
|
-
optional:
|
50
|
+
optional: false
|
44
51
|
}
|
45
52
|
}
|
46
53
|
|
@@ -68,7 +75,7 @@ OptionParser.new do |opts|
|
|
68
75
|
end.parse!
|
69
76
|
|
70
77
|
options_config.each do |option, config|
|
71
|
-
raise OptionParser::MissingArgument if (options[option].nil? && !config[:optional])
|
78
|
+
raise OptionParser::MissingArgument, option if (options[option].nil? && !config[:optional])
|
72
79
|
end
|
73
80
|
|
74
81
|
options_config.each do |option, config|
|
@@ -79,13 +86,12 @@ require 'rubygems'
|
|
79
86
|
$:.unshift(File.join(File.dirname(__FILE__), "..", "lib"))
|
80
87
|
require 'chef-vault'
|
81
88
|
|
82
|
-
|
83
|
-
|
89
|
+
ChefVault.load_config(options[:chef])
|
90
|
+
item = ChefVault::Item.load(options[:vault], options[:item])
|
91
|
+
|
92
|
+
puts "#{options[:vault]}/#{options[:item]}"
|
84
93
|
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
vault = ChefVault.new("certs", options[:chef])
|
89
|
-
cert = vault.certificate(options[:cert])
|
90
|
-
puts cert.decrypt_contents
|
94
|
+
options[:values].split(",").each do |value|
|
95
|
+
value.strip! # remove white space
|
96
|
+
puts("\t#{value}: #{item[value]}")
|
91
97
|
end
|