Sha256: dc8ef03402236b661629aa56f2191fde73c9f2eedeec164c301ab9506e2ef25e
Contents?: true
Size: 1.23 KB
Versions: 2
Compression:
Stored size: 1.23 KB
Contents
require 'chef/knife'
class DecryptPassword < Chef::Knife
deps do
require 'chef/search/query'
require 'chef/shef/ext'
require 'json'
end
banner "knife decrypt password --username USERNAME"
option :username,
:short => '-U USERNAME',
:long => '--username USERNAME',
:description => 'username of account to encrypt'
def run
unless config[:username]
puts("You must supply a username to decrypt")
exit 1
end
Shef::Extensions.extend_context_object(self)
data_bag_path = "./data_bags/passwords"
username = config[:username]
user_private_key = OpenSSL::PKey::RSA.new(open(Chef::Config[:client_key]).read())
key = JSON.parse(IO.read("#{data_bag_path}/#{username}_keys.json"))
unless key[Chef::Config[:node_name]]
puts("Can't find a key for #{Chef::Config[:node_name]}... You can't decrypt!")
exit 1
end
data_bag_shared_key = user_private_key.private_decrypt(Base64.decode64(key[Chef::Config[:node_name]]))
credential = JSON.parse(open("#{data_bag_path}/#{username}.json").read())
credential = Chef::EncryptedDataBagItem.new credential, data_bag_shared_key
puts("username: #{credential['username']}, password: #{credential['password']}")
end
end
Version data entries
2 entries across 2 versions & 2 rubygems
| Version | Path |
|---|---|
| chef-vault-1.0.0 | lib/chef/knife/DecryptPassword.rb |
| chef-keepass-0.2.1 | lib/chef/knife/DecryptPassword.rb |