
Setting chef vault variable in template.erb


I have a vault item defined as the following in my recipe

item = ChefVault::Item.load("user","password")

How do I call this in my template.erb? I tried the following, which isn't working:

ROOTPASSWORD= <%= @node["testcookbook"]["user"]["password"] %>

My vault item looks like this:

$ knife vault show user password
id:       password
pass: xxxxxxxxxx
username: chefuser

I generally do something like this within a recipe

ROOTPASSWORD #{item['pass']}

however I don't think that would work within a template.


Solution

  • There are two options to solve that problem, though the second one should be preferred as it keeps your sensitive data private.

    Suppose your vault looks like this:

    knife vault show user password
    id:       password
    pass: xxxxxxxxxx
    username: chefuser
    

    Then you can approach it as follows:

    Save as Node Attribute

    First, if you want to set the password on the node object and make it visible, then you can do something like the following:

    In recipe:

    node.default["testcookbook"]["user"]["password"] = ChefVault::Item.load("user","password")['pass']
    
    template '/tmp/template' do
      source 'template.erb'
      owner 'root'
      group 'root'
      mode '0644'
    end
    

    In Template:

    ROOTPASSWORD= <%= node["testcookbook"]["user"]["password"] %>
    

    Pass Data to the Template using variables

    Second, if you don't want to set the password on the node object and leave it visible in Chef run logs, then you can do something like the following:

    template '/tmp/template' do
      source 'template.erb'
      owner 'root'
      group 'root'
      mode '0644'
      sensitive true
      variables( {:password => ChefVault::Item.load("user","password")['pass']})
    end
    

    In Template:

    ROOTPASSWORD= <%= @password %>
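
The difference between the two options above, as an added stand-alone Ruby example (not code from the answer and not Chef's own implementation). It assumes a plain Hash in place of the node object, a constructed vault item, and a hypothetical `ModelTemplateContext` class that mimics how template variables become instance variables; the serialized Hash stands in for the node data saved at the end of a run.

```ruby
require 'erb'
require 'json'

# Constructed stand-in for the vault item shown on the page (value is made up).
VAULT_ITEM = { 'id' => 'password', 'pass' => 'S3cr3t-constructed', 'username' => 'chefuser' }.freeze

# Hypothetical, simplified model of a template context: every entry of
# `variables` becomes an instance variable, so the template reads @password.
class ModelTemplateContext
  attr_reader :node

  def initialize(node, variables)
    @node = node
    variables.each { |name, value| instance_variable_set("@#{name}", value) }
  end

  def render(source)
    ERB.new(source).result(binding)
  end
end

# Option 1: the secret is copied into node attributes before rendering.
# Returns the rendered text and the serialized node data.
def render_via_node_attribute
  node = { 'testcookbook' => { 'user' => { 'password' => VAULT_ITEM['pass'] } } }
  template = 'ROOTPASSWORD= <%= node["testcookbook"]["user"]["password"] %>'
  [ModelTemplateContext.new(node, {}).render(template), JSON.generate(node)]
end

# Option 2: the secret exists only as a template variable, never on the node.
def render_via_variables
  node = { 'testcookbook' => {} }
  template = 'ROOTPASSWORD= <%= @password %>'
  [ModelTemplateContext.new(node, password: VAULT_ITEM['pass']).render(template), JSON.generate(node)]
end

# Defender's check: does the serialized node data contain the secret?
def leaked?(node_json)
  node_json.include?(VAULT_ITEM['pass'])
end

if __FILE__ == $PROGRAM_NAME
  [method(:render_via_node_attribute), method(:render_via_variables)].each do |m|
    rendered, node_json = m.call
    puts "#{m.name}: #{rendered} | secret in node data: #{leaked?(node_json)}"
  end
end
```

Both options render the same file; only the first leaves the password in the node data.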