Serialize SSH and RSA private keys to store them in a Chef Data Bag

To send RSA private keys to instances, store them in encrypted data bags. The data bag item is a JSON file that contains keys and values inline.

Use base64 encoding

Base64 encoding converts binary data to ASCII format to represent special characters, like line breaks as ASCII text. The result will be larger, 8 / 6th of the original size, as every 8 bit ASCII character only represents 6 bits of data.

To convert a file to base 64 and save it as another file

cat test.pem | base64 > test.pem.base64

If we need the result on the computer’s clipboard to paste it into a field on the screen

cat test.pem | base64 | pbcopy

To use the encoded string we need to decode it in the Chef cookbook.

Replace the newline characters with \n

To place the multi-line RSA key into the value part of the JSON file, we need to replace the new line characters with the “\n” text.

In Atom

on Mac and Windows

  1. Open the RSA key file in Atom,
  2. Press Command-F on Mac, Ctrl-F on Windows to open the Find and Replace window,
  3. On the right side click the Use Regex button,
  4. In the search field enter
    \r\n
  5. In the replace with field enter
    \\n
  6. Press the Replace All button

In Visual Studio Code

on Mac and Windows

  • Press Command-F on Mac, Ctrl-F on Windows to open the Find dialog
  • Select the Use Regular Expression button
  • Enter \n into the find, \\n into the replace field

In Notepad++

on Windows

  • Open the RSA key file in Notepad++,
  • In the Search menu select Replace…,
  • Select Extended mode in the Search Mode section,
  • Enter \r\n to the Find what text box ( if the key was generated on a Windows computer using GitBash, search for \n )
  • Enter \\n  to the Replace with text box
  • Press the Replace All button

You can place the single line key into any encrypted Data Bag file. See Data Bags on Data Bag encryption.

Leave a comment

Leave a Reply