How to pass Chef data bag secret to a docker container?

I have already created a databag item which is existing on the chef server.
Now, I am trying to pass on that databag item secret value to a docker container.

I am creating the data bag as follows:

  • Dynamically Pull Docker Image using chef recipe
  • Kitchen-Docker and Systemd
  • How to preserve apt-cache archive directory when using docker / host volumes
  • how to use test-kitchen in multi node environment?
  • Platform to test with docker containers in developer environment
  • Octohost with knife solo on bare metal? (UserError: Vagrant not installed)
  • knife data bag create bag_secrets bag_masterkey --secret-file C:\path\data_bag_secret

    I am retrieving value of that databag item in Chef recipe as follows:

    secret = Chef::EncryptedDataBagItem.load_secret("#{node['secret']}")
    masterkey = Chef::EncryptedDataBagItem.load("databag_secrets", "databag_masterkey", secret)

    What logic do i need to add to pass on the data bag secret to a docker container?

  • What is /usr/sbin/service doing under a Docker container
  • Jenkins Job Builder not creating publishers
  • How can I mount a file in a container, that isn't available before first run?
  • docker connection refused nodejs app
  • mysql_config_editor with docker
  • Subscription in Sensu
  • One Solution collect form web for “How to pass Chef data bag secret to a docker container?”

    I’ve said this like twice on different questions: DO NOT USE ENCRYPTED DATABAGS LIKE THIS IT IS NOT SAFE.

    I think you fundamentally misunderstand the security model of encrypted bags, they exist only to allow for data where the Chef Server cannot read it. The cost is you must manage key distribution. For Docker this would probably be via sidecar containers or data volumes but running chef-client inside a container is relatively rare so you’ll have to sort that out yourself. I would recommend working with a security/infosec engineer at your company to figure out the right security model for your usage.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.