Store certificates in Chef data bags for distribution to nodes via Chef Infra. Certificates are stored as data bag items with customizable field names.Documentation Index
Fetch the complete documentation index at: https://infisical.com/docs/llms.txt
Use this file to discover all available pages before exploring further.
Certificate Syncs are configured per Application. First select which certificates to sync, then configure the Chef destination.
Prerequisites
- A Chef Connection with the following permissions:
data bag readdata bag createdata bag updatedata bag delete
Certificates are stored as data bag items with configurable field names for certificate, private key, and chain.
Create a Chef Sync
- Infisical UI
- API
- In your Application, go to the Certificate Syncs tab and click Create Sync.
- Select the Chef option.
-
Configure the Destination:
- Chef Connection: The Chef Connection to authenticate with.
- Data Bag Name: The name of the Chef data bag for storing certificates.
-
Configure the Sync Options:
- Enable Removal of Expired/Revoked Certificates: Remove certificates from the destination if they are no longer active.
- Preserve Data Bag Item on Renewal: Update the existing data bag item on renewal instead of creating a new one.
- Include Root CA: Include the Root CA certificate in the chain.
- Certificate Name Schema: Customize item names using
{{certificateId}}placeholder. - Auto-Sync Enabled: Automatically sync certificates when changes occur.
-
Configure the Field Mappings:
- Certificate Field: Field name for the certificate (default:
certificate) - Private Key Field: Field name for the private key (default:
private_key) - Certificate Chain Field: Field name for the chain (default:
certificate_chain) - CA Certificate Field: Field name for the root CA (default:
ca_certificate)
- Certificate Field: Field name for the certificate (default:
-
Configure the Details:
- Name: The name of your sync (slug-friendly).
- Description: Optional description.
- Select which certificates should be synced.
- Review and click Create Sync.
Certificate Management
The Chef Certificate Sync provides:- Automatic Deployment: Deploy certificates in Infisical to Chef data bags with customizable field names.
- Certificate Updates: Update certificates in Chef data bags when renewals occur.
- Expiration Handling: Optionally remove expired certificates from Chef data bags (if enabled).
- Format Preservation: Maintain certificate format during sync operations.
- Field Customization: Map certificate data to custom field names that match your Chef cookbook requirements.
- CA Certificate Support: Include CA certificates in data bag items for complete certificate chain management.
Chef Certificate Syncs support both automatic and manual
synchronization modes. When auto-sync is enabled, certificates are
automatically deployed as they are issued or renewed.
Manual Certificate Sync
You can manually trigger certificate synchronization to Chef using the sync certificates functionality. This is useful for:- Initial setup when you have existing certificates to deploy
- One-time sync of specific certificates
- Testing certificate sync configurations
- Force sync after making changes
FAQ
Can I import certificates from Chef back into Infisical?
Can I import certificates from Chef back into Infisical?
Chef does not support importing certificates back into Infisical
due to the nature of Chef data bags where certificates are stored as data
rather than managed certificate objects.
What’s Next?
AWS Certificate Manager
Import certificates into ACM for AWS services.
Auto-Renewal
Enable automatic certificate renewal and syncing.
Alerting
Get notified about certificate lifecycle events.
Other Sync Destinations
View all supported sync destinations.