Encrypted Databags Before 12.7 Cannot Be Edited

Sean Horn -

 

The issue looks like this and is related to changes in the Knife Client at 12.7+ from versions before 12.7 with the usage of the to_hash/from_hash methods. In short, do not use these methods, but rather, allow knife to save and read the databags directly, in encrypted form.

knife data bag edit test key --secret-file nonprod -c ~/.chef/dev_knife.rb 
ERROR: Chef::Exceptions::ValidationFailed: Option data_bag's value {"encrypted_data"=>"7HnyKNd3DvMqQwgmFPBuoYBQYsruJMrYkgeghifQOic=\n", "iv"=>"nh1Ng0mawZyGL9LU1Q9lag==\n", "version"=>1, "cipher"=>"aes-256-cbc"} does not match regular expression /^[\-[:alnum:]_]+$/

Further detail toward understanding can be found in this comment and the following ones in the same issue. https://github.com/chef/chef/issues/4815#issuecomment-272115130

Have more questions? Submit a request

Comments

Powered by Zendesk