Project

knife-annex

0.0
No commit activity in last 3 years
No release in over 3 years
knife-annex3ofcoins/knife-annexHomepageDocumentationSource CodeBug TrackerWiki
Knife plugin implementing a git-annex backend in chef-vault
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
11,903
Stars
2
Forks
1
Watchers
3
 Releases
Current version
0.0.4
Total releases
4
First release
2013-09-28
Latest release
2014-06-17
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2013-12-25
Reverse Dependencies
0

 Dependencies

Development

bundler
~> 1.3
thor
~> 0.18.1

Runtime

chef-vault
~> 2.2.1
 Project Readme

Knife Annex

Knife plugin that implements git-annex hook backend for chef-vault.

This plugin uses a data bag named annex to store items encrypted by chef-vault for admin chef users (except the admin user created by default) available as git-annex files.

This allows keeping shared secret files (such as access keys - think Amazon Web Services - or passwords) out of Git repository, store them securely encrypted, and still keep convenient git-based access.

Installation

Add this line to your chef repo's Gemfile:

gem 'knife-annex'

And then execute:

$ bundle

Or install it yourself as:

$ gem install knife-annex

Usage

Configure the hook type for git-annex:

$ git config annex.chef-vault-hook 'knife annex'

If you use Bundler with your chef repo, you may need this form:

$ git config annex.chef-vault-hook 'bundle exec knife annex'

Then, initialise the special remote:

$ git annex initremote chef-server type=hook hooktype=chef-vault encryption=none

If you're extra paranoid, you can have double encryption by specifying encryption=shared in the special remote's options.

After that, you can use chef-server remote normally with git-annex.

When your admin user list changes, you can rekey the data by running:

$ knife annex --rotate-keys

Contributing

See the CONTRIBUTING.md file