1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
.\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3
.
.TH "KNIFE\-DATA\-BAG" "1" "February 2013" "Chef 11.0.0" "Chef Manual"
.
.SH "NAME"
\fBknife\-data\-bag\fR \- Store arbitrary data on a Chef Server
.
.SH "SYNOPSIS"
\fBknife\fR \fBdata bag\fR \fIsub\-command\fR \fI(options)\fR
.
.SH "DESCRIPTION"
Data bags are stores of arbitrary JSON data\. Each data bag is a collection that may contain many items\. Data Bag Items are indexed by the Chef Server and can be searched via \fBknife\-search\fR(1)\.
.
.P
Data bags are available to all nodes configured by \fBchef\-client\fR(8), and are therefore a convenient mechanism to store global information, such as lists of administrative accounts that should be configured on all hosts\.
.
.SH "DATA BAG SUB\-COMMANDS"
.
.SH "CREATE"
\fBknife data bag create\fR \fIbag name\fR [item id] \fI(options)\fR
.
.TP
\fB\-s\fR, \fB\-\-secret SECRET\fR
A secret key used to encrypt the data bag item\. See \fBencryption support\fR below\.
.
.TP
\fB\-\-secret\-file SECRET_FILE\fR
The path to a file containing the secret key to be used to encrypt the data bag item\.
.
.P
If \fIitem id\fR is given, creates a new, empty data bag item and opens it for editing in your editor\. The data bag will be created if it does not exist\.
.
.P
If \fIitem id\fR is not given, the data bag will be created\.
.
.SH "DELETE"
\fBknife data bag delete\fR \fIbag name\fR [item id] \fI(options)\fR
.
.P
Delete a data bag, or an item from a data bag\.
.
.SH "EDIT"
\fBknife data bag edit\fR \fIbag name\fR \fIitem id\fR \fI(options)\fR
.
.TP
\fB\-s\fR, \fB\-\-secret SECRET\fR
A secret key used to encrypt the data bag item\. See \fBencryption support\fR below\.
.
.TP
\fB\-\-secret\-file SECRET_FILE\fR
The path to a file containing the secret key to be used to encrypt the data bag item\.
.
.P
Edit an item in a data bag\.
.
.SH "FROM FILE"
\fBknife data bag from file\fR \fIbag name\fR \fIfile\fR \fI(options)\fR
.
.P
\fBknife data bag from file\fR \fIbag name\fR \fIfile1\fR \fIfile2\fR \fIfile3\fR \fI(options)\fR
.
.P
\fBknife data bag from file\fR \fIbag name\fR \fIfolder\fR \fI(options)\fR
.
.TP
\fB\-s\fR, \fB\-\-secret SECRET\fR
A secret key used to encrypt the data bag item\. See \fBencryption support\fR below\.
.
.TP
\fB\-\-secret\-file SECRET_FILE\fR
The path to a file containing the secret key to be used to encrypt the data bag item\.
.
.P
Load a data bag item from a JSON file\. If \fIfile\fR is a relative or absolute path to the file, that file will be used\. Otherwise, the \fIfile\fR parameter is treated as the base name of a data bag file in a Chef repository, and \fBknife\fR will search for the file in \fB\./data_bags/bag_name/file\fR\. For example \fBknife data bag from file users dan\.json\fR would attempt to load the file \fB\./data_bags/users/dan\.json\fR\.
.
.SH "LIST"
\fBknife data bag list\fR \fI(options)\fR
.
.TP
\fB\-w\fR, \fB\-\-with\-uri\fR
Show corresponding URIs
.
.P
Lists the data bags that exist on the Chef Server\.
.
.SH "SHOW"
\fBknife data bag show BAG [ITEM]\fR \fI(options)\fR
.
.TP
\fB\-s\fR, \fB\-\-secret SECRET\fR
A secret key used to encrypt the data bag item\. See \fBencryption support\fR below\.
.
.TP
\fB\-\-secret\-file SECRET_FILE\fR
The path to a file containing the secret key to be used to encrypt the data bag item\.
.
.P
Show a specific data bag or an item in a data bag\. The output will be formatted according to the \-\-format option\.
.
.SH "ENCRYPTION SUPPORT"
Data Bag Items may be encrypted to keep their contents secret\. This may be desireable when storing sensitive information such as database passwords, API keys, etc\.
.
.P
Data Bag Item encryption uses the AES\-256 CBC symmetric key algorithm\.
.
.P
\fBCAVEATS:\fR Keys are not encrypted; only values are encrypted\. The "id" of a Data Bag Item is not encrypted, since it is used by Chef Server to store the item in its database\. For example, given the following data bag item:
.
.IP "" 4
.
.nf
{"id": "important_passwords", "secret_password": "opensesame"}
.
.fi
.
.IP "" 0
.
.P
The key "secret_password" will be visible to an evesdropper, but the value "opensesame" will be protected\. Both the key "id" and its value "important_passwords" will be visible to an evesdropper\.
.
.P
Chef Server does not provide a secure mechanism for distributing encryption keys\.
.
.SH "SEE ALSO"
\fBknife\-search\fR(1)
.
.SH "AUTHOR"
Chef was written by Adam Jacob \fIadam@opscode\.com\fR with many contributions from the community\.
.
.SH "DOCUMENTATION"
This manual page was written by Joshua Timberman \fIjoshua@opscode\.com\fR\. Permission is granted to copy, distribute and / or modify this document under the terms of the Apache 2\.0 License\.
.
.SH "CHEF"
Knife is distributed with Chef\. http://wiki\.opscode\.com/display/chef/Home
|