I have a recipe that requires credentials from chef_vault.
I would like to be able to merely apply this recipe (or even a role if necessary) to a node and have that node automatically added to the vault item's client list the next time it does a chef run (when the recipe executes) so it can retrieve those creds. Is this possible?
I was thinking about having the recipe tag the node then run knife vault update from the recipe, but even if that works its a bit ugly.
Is there an elegant solution for this that doesn't require me to manually do anything and have the recipes that need vault creds assign them for me?
You cannot do this (safely), it violates the security model and whole point of using an asymmetric pre-encryption system like chef-vault.