1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
.\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3
.
.TH "KNIFE\-DATA\-BAG" "1" "June 2013" "Chef 11.6.0.rc.0" "Chef Manual"
.
.SH "NAME"
\fBknife\-data\-bag\fR \- Store arbitrary data on a Chef Server
.
.SH "SYNOPSIS"
\fBknife\fR \fBdata bag\fR \fIsub\-command\fR \fI(options)\fR
.
.SH "DESCRIPTION"
Data bags are stores of arbitrary JSON data\. Each data bag is a collection that may contain many items\. Data Bag Items are indexed by the Chef Server and can be searched via \fBknife\-search\fR(1)\.
.
.P
Data bags are available to all nodes configured by \fBchef\-client\fR(8), and are therefore a convenient mechanism to store global information, such as lists of administrative accounts that should be configured on all hosts\.
.
.SH "DATA BAG SUB\-COMMANDS"
.
.SH "CREATE"
\fBknife data bag create\fR \fIbag name\fR [item id] \fI(options)\fR
.
.TP
\fB\-s\fR, \fB\-\-secret SECRET\fR
A secret key used to encrypt the data bag item\. See \fBencryption support\fR below\.
.
.TP
\fB\-\-secret\-file SECRET_FILE\fR
The path to a file containing the secret key to be used to encrypt the data bag item\.
.
.P
If \fIitem id\fR is given, creates a new, empty data bag item and opens it for editing in your editor\. The data bag will be created if it does not exist\.
.
.P
If \fIitem id\fR is not given, the data bag will be created\.
.
.SH "DELETE"
\fBknife data bag delete\fR \fIbag name\fR [item id] \fI(options)\fR
.
.P
Delete a data bag, or an item from a data bag\.
.
.SH "EDIT"
\fBknife data bag edit\fR \fIbag name\fR \fIitem id\fR \fI(options)\fR
.
.TP
\fB\-s\fR, \fB\-\-secret SECRET\fR
A secret key used to encrypt the data bag item\. See \fBencryption support\fR below\.
.
.TP
\fB\-\-secret\-file SECRET_FILE\fR
The path to a file containing the secret key to be used to encrypt the data bag item\.
.
.P
Edit an item in a data bag\.
.
.SH "FROM FILE"
\fBknife data bag from file\fR \fIbag name\fR \fIfile\fR \fI(options)\fR
.
.P
\fBknife data bag from file\fR \fIbag name\fR \fIfile1\fR \fIfile2\fR \fIfile3\fR \fI(options)\fR
.
.P
\fBknife data bag from file\fR \fIbag name\fR \fIfolder\fR \fI(options)\fR
.
.TP
\fB\-s\fR, \fB\-\-secret SECRET\fR
A secret key used to encrypt the data bag item\. See \fBencryption support\fR below\.
.
.TP
\fB\-\-secret\-file SECRET_FILE\fR
The path to a file containing the secret key to be used to encrypt the data bag item\.
.
.P
Load a data bag item from a JSON file\. If \fIfile\fR is a relative or absolute path to the file, that file will be used\. Otherwise, the \fIfile\fR parameter is treated as the base name of a data bag file in a Chef repository, and \fBknife\fR will search for the file in \fB\./data_bags/bag_name/file\fR\. For example \fBknife data bag from file users dan\.json\fR would attempt to load the file \fB\./data_bags/users/dan\.json\fR\.
.
.SH "LIST"
\fBknife data bag list\fR \fI(options)\fR
.
.TP
\fB\-w\fR, \fB\-\-with\-uri\fR
Show corresponding URIs
.
.P
Lists the data bags that exist on the Chef Server\.
.
.SH "SHOW"
\fBknife data bag show BAG [ITEM]\fR \fI(options)\fR
.
.TP
\fB\-s\fR, \fB\-\-secret SECRET\fR
A secret key used to encrypt the data bag item\. See \fBencryption support\fR below\.
.
.TP
\fB\-\-secret\-file SECRET_FILE\fR
The path to a file containing the secret key to be used to encrypt the data bag item\.
.
.P
Show a specific data bag or an item in a data bag\. The output will be formatted according to the \-\-format option\.
.
.SH "ENCRYPTION SUPPORT"
Data Bag Items may be encrypted to keep their contents secret\. This may be desireable when storing sensitive information such as database passwords, API keys, etc\.
.
.P
Data Bag Item encryption uses the AES\-256 CBC symmetric key algorithm\.
.
.P
\fBCAVEATS:\fR Keys are not encrypted; only values are encrypted\. The "id" of a Data Bag Item is not encrypted, since it is used by Chef Server to store the item in its database\. For example, given the following data bag item: {"id": "important_passwords", "secret_password": "opensesame"} The key "secret_password" will be visible to an evesdropper, but the value "opensesame" will be protected\. Both the key "id" and its value "important_passwords" will be visible to an evesdropper\.
.
.P
Chef Server does not provide a secure mechanism for distributing encryption keys\.
.
.SH "SEE ALSO"
\fBknife\-search\fR(1)
.
.SH "AUTHOR"
Chef was written by Adam Jacob \fIadam@opscode\.com\fR with many contributions from the community\.
.
.SH "DOCUMENTATION"
This manual page was written by Joshua Timberman \fIjoshua@opscode\.com\fR\. Permission is granted to copy, distribute and / or modify this document under the terms of the Apache 2\.0 License\.
.
.SH "CHEF"
Knife is distributed with Chef\. http://wiki\.opscode\.com/display/chef/Home
|
