NAME
knife-data-bag - Store arbitrary data on a Chef Server
SYNOPSIS
knife data bag sub-command (options)
DESCRIPTION
Data bags are stores of arbitrary JSON data. Each data bag is a collection that
may contain many items. Data Bag Items are indexed by the Chef Server and can
be searched via knife-search(1).
Data bags are available to all nodes configured by chef-client(8), and are
therefore a convenient mechanism to store global information, such as lists of
administrative accounts that should be configured on all hosts.
DATA BAG SUB-COMMANDS
CREATE
knife data bag create bag name [item id] (options)
-s, --secret SECRET
    A secret key used to encrypt the data bag item. See encryption support
    below.
--secret-file SECRET_FILE
    The path to a file containing the secret key to be used to encrypt the
    data bag item.
If item id is given, creates a new, empty data bag item and opens it for
editing in your editor. The data bag will be created if it does not exist.
If item id is not given, the data bag will be created.
DELETE
knife data bag delete bag name [item id] (options)
Delete a data bag, or an item from a data bag.
EDIT
knife data bag edit bag name item id (options)
-s, --secret SECRET
    A secret key used to encrypt the data bag item. See encryption support
    below.
--secret-file SECRET_FILE
    The path to a file containing the secret key to be used to encrypt the
    data bag item.
Edit an item in a data bag.
FROM FILE
knife data bag from file bag name file (options)
knife data bag from file bag name file1 file2 file3 (options)
knife data bag from file bag name folder (options)
-s, --secret SECRET
    A secret key used to encrypt the data bag item. See encryption support
    below.
--secret-file SECRET_FILE
    The path to a file containing the secret key to be used to encrypt the
    data bag item.
Load a data bag item from a JSON file. If file is a relative or absolute path
to the file, that file will be used. Otherwise, the file parameter is treated
as the base name of a data bag file in a Chef repository, and knife will search
for the file in ./data_bags/bag_name/file. For example,
knife data bag from file users dan.json would attempt to load the file
./data_bags/users/dan.json.
LIST
knife data bag list (options)
-w, --with-uri
    Show corresponding URIs
Lists the data bags that exist on the Chef Server.
SHOW
knife data bag show BAG [ITEM] (options)
-s, --secret SECRET
    A secret key used to encrypt the data bag item. See encryption support
    below.
--secret-file SECRET_FILE
    The path to a file containing the secret key to be used to encrypt the
    data bag item.
Show a specific data bag or an item in a data bag. The output will be formatted
according to the --format option.
ENCRYPTION SUPPORT
Data Bag Items may be encrypted to keep their contents secret. This may be
desirable when storing sensitive information such as database passwords, API
keys, etc.
Data Bag Item encryption uses the AES-256 CBC symmetric key algorithm.
CAVEATS: Keys are not encrypted; only values are encrypted. The "id" of a Data
Bag Item is not encrypted, since it is used by Chef Server to store the item in
its database. For example, given the following data bag item:

    {"id": "important_passwords", "secret_password": "opensesame"}

The key "secret_password" will be visible to an eavesdropper, but the value
"opensesame" will be protected. Both the key "id" and its value
"important_passwords" will be visible to an eavesdropper.
Chef Server does not provide a secure mechanism for distributing encryption
keys.
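The caveat above, as an added Ruby example (not Chef's own code and not its
storage format): every value except "id" is encrypted with AES-256-CBC while
key names stay in plaintext. The SHA-256 key derivation, the iv/data envelope,
the helper names and the sample secret are assumptions made for illustration.

```ruby
require "openssl"
require "base64"
require "json"

# Assumption for this sketch: the AES key is the SHA-256 digest of the shared secret.
def derive_key(secret)
  OpenSSL::Digest::SHA256.digest(secret)
end

# Encrypt one value with AES-256-CBC under a fresh random IV.
def encrypt_value(value, secret)
  cipher = OpenSSL::Cipher.new("aes-256-cbc")
  cipher.encrypt
  cipher.key = derive_key(secret)
  iv = cipher.random_iv
  data = cipher.update(JSON.generate([value])) + cipher.final
  { "iv" => Base64.strict_encode64(iv), "data" => Base64.strict_encode64(data) }
end

def decrypt_value(blob, secret)
  cipher = OpenSSL::Cipher.new("aes-256-cbc")
  cipher.decrypt
  cipher.key = derive_key(secret)
  cipher.iv = Base64.strict_decode64(blob["iv"])
  JSON.parse(cipher.update(Base64.strict_decode64(blob["data"])) + cipher.final).first
end

# Encrypt every value except "id"; key names are never touched.
def encrypt_item(item, secret)
  item.each_with_object({}) { |(k, v), out| out[k] = (k == "id" ? v : encrypt_value(v, secret)) }
end

def decrypt_item(item, secret)
  item.each_with_object({}) { |(k, v), out| out[k] = (k == "id" ? v : decrypt_value(v, secret)) }
end

# What a reader without the secret learns from the stored item.
def visible_without_secret(enc_item)
  { "keys" => enc_item.keys, "id" => enc_item["id"] }
end

if __FILE__ == $0
  item = { "id" => "important_passwords", "secret_password" => "opensesame" } # item from the page
  enc = encrypt_item(item, "constructed-demo-secret") # constructed sample secret
  puts JSON.pretty_generate(enc)
  p visible_without_secret(enc)
end
```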
SEE ALSO
knife-search(1)
AUTHOR
Chef was written by Adam Jacob <adam@opscode.com> with many contributions from
the community.
DOCUMENTATION
This manual page was written by Joshua Timberman <joshua@opscode.com>.
Permission is granted to copy, distribute and / or modify this document under
the terms of the Apache 2.0 License.
CHEF
Knife is distributed with Chef.
http://wiki.opscode.com/display/chef/Home