Itamae::Plugin::Resource::EncryptedRemoteFile
encrypt secret data (e.g. id_rsa), and forward decrypted file to remote.
This is like to knife-solo_data_bag
Installation
Add this line to your application's Gemfile:
gem 'itamae-plugin-resource-encrypted_remote_file'
And then execute:
$ bundle
Or install it yourself as:
$ gem install itamae-plugin-resource-encrypted_remote_file
Usage
Encrypt data
install reversible_cryptography
gem install reversible_cryptography
reversible_cryptography encrypt --password=PASSWORD --src-file=/path/to/secret_file.txt --dst-file=/pass/to/encrypted_file.txt
Recipe
encrypted_remote_file "/home/deployer/.ssh/id_rsa" do
owner "root"
group "root"
source "files/id_rsa.encrypted"
password ENV["ID_RSA_PASSWORD"]
end
ProTip
Use with dotenv
Gemfile
gem "itamae-plugin-resource-encrypted_remote_file"
gem "dotenv"
.env (don't commit this!)
ID_RSA_PASSWORD=12345678
.gitignore
.env
your_recipe.rb
require 'dotenv'
Dotenv.load
ENV["ID_RSA_PASSWORD"]
#=> "12345678"
encrypted_remote_file "/home/deployer/.ssh/id_rsa" do
owner "root"
group "root"
source "files/id_rsa.encrypted"
password ENV["ID_RSA_PASSWORD"]
end
Development
After checking out the repo, run bin/setup
to install dependencies. Then, run bin/console
for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install
. To release a new version, update the version number in version.rb
, and then run bundle exec rake release
to create a git tag for the version, push git commits and tags, and push the .gem
file to rubygems.org.
Testing
requirements Docker
bundle exec itamae docker --node-yaml=spec/recipes/node.yml spec/recipes/install.rb --image=centos:7 --tag itamae-plugin:latest
DOCKER_IMAGE=itamae-plugin:latest bundle exec rspec
Contributing
- Fork it ( https://github.com/sue445/itamae-plugin-resource-encrypted_remote_file/fork )
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Add some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create a new Pull Request