knife vault download doesn't work?

[szymonpk]

$ knife vault create foo bar
# put some data
$ knife vault download foo bar ~/file
Saved  as /Users/szymon/file
$ cat ~/file # empty file, 0 bytes
$

I'm using vault 2.6.1 with chef 12.2.1. For now I'm using knife download data_bags/foo/ as pointed out by @jtimberman.

[jf647]

The docs on this are poor. It says that you use it to "Decrypt and download an encrypted file to the specified path." What it should point out is that it's the inverse of knife vault create --file FILENAME.

When you use --file to create a vault, it creates two keys in the vault item: file-name and file-content.

So knife vault download opens up the vault item, then writes whatever it finds in the file-content key to a file named using the file-name key. In your case these are presumably not found because you have free-form data in your vault.

To be honest, this is a subcommand that I'd like to kill off in v3.0, but for now there are a few ways to approach it:

1. Fix up the docs so people have a reasonable expectation of what it does
2. Have it throw a useful error if the vault doesn't have a file-content and file-name key

Probably a combination of both so the error points people to docs that explain it as I have above.

Is your use case to get the raw JSON of the vault? In that case, knife vault show VAULT ITEM -f json will do what you want.

If on the other hand you're trying to get the encrypted content for archival purposes, then knife download data_bags/VAULT/ITEM or knife data bag show VAULT ITEM -f json and knife data bag show VAULT ITEM_keys -f json are what you're looking for.

[szymonpk]

Thanks for clarification, 1. would be fine for me ;-) 1 & 2 would be awesome.