module Chef::DSL::Secret
Public Instance Methods
Helper method which looks up a secret using the given service and configuration, and returns the retrieved secret value. This DSL
providers a wrapper around [Chef::SecretFetcher]
Use of the secret helper in the context of a resource block will automatically mark that resource as 'sensitive', preventing resource data from being logged. See [Chef::Resource#sensitive].
@option name [Object] The identifier or name for this secret @option version [Object] The secret version. If a service supports versions
and no version is provided, the latest version will be fetched.
@option service [Symbol] The service identifier for the service that will
perform the secret lookup. See [Chef::SecretFetcher::SECRET_FETCHERS]
@option config [Hash] The configuration that the named service expects
@return result [Object] The response object type is determined by the fetcher but will usually be a string or a hash. See individual fetcher documentation to know what to expect for a given service.
@example
This example uses the built-in :example secret manager service, which accepts a hash of secrets.
value = secret(name: "test1", service: :example, config: { "test1" => "value1" }) log "My secret is #{value}" value = secret(name: "test1", service: :aws_secrets_manager, version: "v1", config: { region: "us-west-1" }) log "My secret is #{value}"
# File lib/chef/dsl/secret.rb, line 52 def secret(name: nil, version: nil, service: nil, config: {}) Chef::Log.warn <<~EOM.gsub("\n", " ") The secrets Chef Infra language helper is currently in beta. If you have feedback or you would like to be part of the future design of this helper e-mail us at secrets_management_beta@progress.com" EOM sensitive(true) if is_a?(Chef::Resource) Chef::SecretFetcher.for_service(service, config, run_context).fetch(name, version) end