If you are not sure if the website you would like to visit is secure, you can verify it here. Enter the website address of the page and see parts of its content and the thumbnail images on this site. None (if any) dangerous scripts on the referenced page will be executed. Additionally, if the selected site contains subpages, you can verify it (review) in batches containing 5 pages.
favicon.ico: docs.chef.io/server/auth - Authentication.

site address: docs.chef.io/server/auth redirected to: docs.chef.io/server/auth

site title: Authentication

Our opinion (on Wednesday 01 July 2026 4:38:49 UTC):

GREEN status (no comments) - no comments
After content analysis of this website we propose the following hashtags:


page from cache: 14 hours ago
Meta tags:
description=The Chef Infra Server API handles all communication between Chef Infra Client or Chef Workstation. The Chef Infra Server API is an authenticated REST API, which means all requests require authentication and authorization. The Chef Infra tools such as knife and chef-server commands use the Chef Infra Server API for you. The authentication process ensures that Chef Infra Server only responds to requests made by trusted users or clients. Chef Infra Server uses public key encryption. You create the public and private keys when you configure Chef Infra Client or setup Chef Workstation.;

Headings (most frequently used words):

chef, infra, server, key, authentication, user, api, knife, public, and, private, keys, update, pair, for, authenticating, with, authorization, use, storage, debug, issues, reregister, client, validator, nodes, workstations, requests, from, manage, other, options,

Text of the page (most frequently used words):
chef (338), the (178), infra (151), server (113), and (78), key (78), #client (59), api (53), with (49), overview (46), knife (45), node (45), user (39), that (38), version (32), install (32), private (31), automate (30), builder (30), for (28), deployment (28), authentication (27), can (26), using (26), workstation (25), manage (24), about (24), configure (24), aws (24), nodes (23), use (21), config (21), file (20), habitat (20), this (18), users (18), supermarket (18), upgrade (18), from (17), request (17), data (17), print (17), public (16), keys (16), you (16), create (16), end (16), packages (16), prem (16), community (14), directory (14), then (14), get (14), reference (14), are (13), update (13), your (13), rest (13), managed (13), 360 (13), pair (12), new (12), system (12), platform (12), management (12), license (12), backend (12), authorization (11), requests (11), each (11), time (11), list (11), delete (11), settings (11), all (10), require (10), organizations (10), pem (10), following (10), log (10), method (10), compliance (10), backup (10), restore (10), effortless (10), recovery (10), saas (10), postgresql (10), started (10), opensearch (10), database (10), used (9), name (9), run (9), requirements (9), uses (9), resources (9), debug (8), authenticated (8), when (8), set (8), username (8), add (8), example (8), object (8), etc (8), configuration (8), ops (8), cookbooks (8), ctl (8), cloud (8), prerequisites (8), origin (8), disaster (8), desktop (8), guide (8), certificates (8), iam (8), page (7), validator (7), made (7), security (7), make (7), date (7), will (7), clients (7), chef_server_url (7), client_name (7), echo (7), headers (7), openssl (7), supported (7), migrate (7), other (6), reregister (6), feedback (6), expiration (6), runs (6), ruby (6), def (6), puts (6), config_file (6), path (6), pychef (6), timestamp (6), local (6), setup (6), audit (6), inspec (6), style (6), cookstyle (6), cluster (6), services (6), package (6), troubleshooting (6), logs (6), integrations (6), dashboard (6), applications (6), certificate (6), enterprise (6), not (5), policy (5), terms (5), licensing (5), options (5), storage (5), contents (5), which (5), ensures (5), only (5), more (5), subcommands (5), groups (5), verify (5), authenticate (5), option (5), during (5), node_name (5), roles (5), exit (5), content (5), application (5), premises (5), files (5), stores (5), infrastructure (5), download (5), first (5), saves (5), progress (4), trademarks (4), registered (4), its (4), see (4), any (4), their (4), how (4), support (4), github (4), commands (4), must (4), current (4), has (4), active (4), generated (4), store (4), available (4), usage (4), autoconfigure (4), chef_api_request (4), script (4), curl (4), sign (4), hashed_body (4), process (4), repo (4), send (4), downloads (4), uninstall (4), saml (4), ldap (4), resource (4), packs (4), profiles (4), service (4), apis (4), upgrades (4), monitor (4), quick (4), start (4), deprecations (4), cops (4), firewalls (4), ports (4), high (4), availability (4), core (4), origins (4), profile (4), minio (4), single (4), cookbook (4), enrollment (4), getting (4), migration (4), courier (4), tokens (4), jobs (4), app (4), integration (4), external (4), elasticsearch (4), amazon (4), a2ha (4), platforms (4), edition (4), product (3), names (3), one (3), does (3), 2025 (3), authenticating (3), issues (3), workstations (3), table (3), edit (3), tools (3), such (3), makes (3), rsa (3), built (3), base (3), information (3), check (3), associated (3), modify (3), credentials (3), optional (3), specify (3), also (3), generate (3), named (3), subcommand (3), number (3), correct (3), setting (3), most (3), like (3), http (3), returned (3), error (3), destroy (3), interact (3), methods (3), return (3), execute (3), machine (3), node_info (3), envr (3), environment (3), testoption (3), else (3), large (3), exist (3), home (3), cli (3), get_rest (3), https (3), com (3), shows (3), bash (3), auth_headers (3), printf (3), _chef_dir (3), enc (3), base64 (3), awk (3), canonical_request (3), accept (3), hashed_path (3), body (3), endpoint (3), function (3), remove (3), env (3), account (3), nodey (3), banner (3), validation (3), right (3), bags (3), custom (3), bootstrap (3), communicate (3), attempts (3), trusted (3), herein (2), software (2), corporation (2), subsidiaries (2), affiliates (2), rights (2), reserved (2), respective (2), owners (2), between (2), 2026 (2), improve (2), document (2), contact (2), every (2), authenticates (2), located (2), pairs (2), access (2), stored (2), properly (2), plugin (2), added (2), isn (2), plugins (2), been (2), old (2), open (2), match (2), specified (2), note (2), filename (2), save (2), editor (2), while (2), same (2), clock (2), fixed (2), different (2), initial (2), issue (2), register (2), there (2), common (2), wed (2), oct (2), 2011 (2), logging (2), enabled (2), look (2), found (2), ensure (2), 401 (2), may (2), response (2), silly_node (2), foobar (2), executeuserchoice (2), timeofrun (2), profileend (2), profilestart (2), now (2), call (2), kernel (2), fqdn (2), node_array (2), displaynodesdetail (2), false (2), displaynodesperenv (2), unknown (2), exiting (2), case (2), chomp (2), gets (2), eof (2), display (2), location (2), json (2), mixlib (2), signing_key_filename (2), clientname (2), import (2), directly (2), after (2), shell (2), curl_command (2), _chomp (2), length (2), hash (2), userid (2), dgst (2), sha1 (2), binary (2), really (2), helper (2), pwd (2), could (2), code (2), ways (2), need (2), api_endpoint (2), again (2), delete_rest (2), nodename (2), name_args (2), policyfiles (2), should (2), fails (2), exec (2), both (2), they (2), special (2), group (2), responds (2), encryption (2), environments (2), console (2), legacy (2), azure (2), remediation (2), release (2), notes (2), share (2), what (2), scaffolding (2), variables (2), pattern (2), attributehelper (2), attributedefault (2), useplatformhelpers (2), unnecessaryplatformcasestatement (2), unnecessaryoscheck (2), trueclassfalseclassresourceproperties (2), simplifyplatformmajorversioncheck (2), overlycomplexsupportsdependsmetadata (2), negatingonlyif (2), includerecipewithparentheses (2), immediatenotificationtiming (2), filemode (2), defaultcopyrightcomments (2), copyrightcommentformat (2), commentsentencespacing (2), commentformat (2), chefwhaaat (2), attributekeys (2), invalidlicensestring (2), insecurecookbookurl (2), includeresourceexamples (2), includeresourcedescriptions (2), includepropertydescriptions (2), emptymetadatafield (2), defaultmetadatamaintainer (2), sharing (2), sshprivatekey (2), unlessdefinedrequire (2), requirenethttps (2), legacypowershelloutmethods (2), gemspecrequirerubygems (2), gemspeclicense (2), usecreateifmissing (2), unnecessarynameproperty (2), unnecessarydesiredstate (2), suggestsmetadata (2), stringpropertywithnildefault (2), sensitivepropertyinresource (2), resourcewithnothingaction (2), replacesmetadata (2), recipemetadata (2), providesmetadata (2), propertywithrequiredanddefault (2), propertysplatregex (2), ohaiattributetostring (2), namepropertyisrequired (2), multipleplatformchecks (2), longdescriptionmetadata (2), groupingmetadata (2), doublecompiletime (2), customresourcewithallowedactions (2), conflictsmetadata (2), attributemetadata (2), aptrepositorynotifiesaptupdate (2), aptrepositorydistributiondefault (2), redundantcode (2), zipfileresource (2), windowszipfileusage (2), windowsscresource (2), windowsregistryuac (2), whyrunsupportedtrue (2), useszypperrepo (2), userequirerelative (2), usemultipackageinstalls (2), usecheflanguagesystemdhelper (2), usecheflanguageenvhelpers (2), usecheflanguagecloudhelpers (2), usebuildessentialresource (2), unnecessarymixlibshelloutrequire (2), unnecessarydependschef15 (2), unnecessarydependschef14 (2), sysctlparamresource (2), simplifyaptppasetup (2), shellouttochocolatey (2), shellouthelper (2), sevenziparchiveresource (2), setorreturninresources (2), respondtoresourcename (2), respondtoprovides (2), respondtoinmetadata (2), respondtocompiletime (2), resourcenamefrominitialize (2), resourceforcingcompiletime (2), providesfrominitialize (2), propertywithnameattribute (2), powershellscriptexpandarchive (2), powershellinstallwindowsfeature (2), powershellinstallpackage (2), powershellguardinterpreter (2), osxconfigprofileresource (2), opensslx509resource (2), opensslrsakeyresource (2), noderolesinclude (2), nodeinitpackage (2), minitesthandlerusage (2), macosxuserdefaults (2), libarchivefileresource (2), legacyberksfilesource (2), includingwindowsdefaultrecipe (2), includingohaidefaultrecipe (2), includingmixinshelloutinresources (2), includingaptdefaultrecipe (2), ifprovidesdefaultaction (2), foodcriticcomments (2), executetzutil (2), executesysctl (2), executesleep (2), executescexe (2), executeaptupdate (2), emptyresourceinitializemethod (2), dslincludeinresource (2), dependsonzyppercookbook (2), dependsonwindowsfirewallcookbook (2), dependsontimezonelwrpcookbook (2), dependsonopensslcookbook (2), dependsonlocalecookbook (2), dependsonkernelmodulecookbook (2), dependsonchocolateycookbooks (2), dependsonchefvaultcookbook (2), definitions (2), defineschefspecmatchers (2), defaultactionfrominitialize (2), declareactionclass (2), databaghelpers (2), customresourcewithattributes (2), cronmanageresource (2), crondfileortemplate (2), conditionalusingtest (2), classevalactionclass (2), chefgemnokogiri (2), allowedactionsfrominitialize (2), actionmethodinresource (2), modernize (2), searchforenvironmentsorroles (2), dependschefvault (2), cookbookusessearch (2), cookbookusesroles (2), cookbookusespolicygroups (2), cookbookusesenvironments (2), cookbookusesdatabags (2), chefvaultused (2), berksfile (2), windowsversionhelpers (2), windowstaskchangeaction (2), windowspackageinstallertypestring (2), windowsfeatureservermanagercmd (2), verifypropertyusesfileexpansion (2), useyamldump (2), usesruncommandhelper (2), usesdeprecatedmixins (2), useschefresthelpers (2), userdeprecatedsupportsproperty (2), useinlineresourcesdefined (2), useautomaticresourcename (2), searchusespositionalparameters (2), rubyblockcreateaction (2), ruby27keywordargumentwarnings (2), resourcewithoutunifiedtrue (2), resourceusesupdatedmethod (2), resourceusesproviderbasemethod (2), resourceusesonlyresourcename (2), resourceusesdslnamemethod (2), resourceoverridesprovidesmethod (2), resourceinheritsfromcompatresource (2), requirerecipe (2), powershellcookbookhelpers (2), policyfilecommunitysource (2), poisearchiveusage (2), partialsearchhelperusage (2), partialsearchclassusage (2), nodesetwithoutlevel (2), nodesetunless (2), nodeset (2), nodemethodsinsteadofattributes (2), nodedeepfetch (2), namepropertywithdefaultvalue (2), macosuserdefaultsglobalproperty (2), logresourcenotifications (2), localedeprecatedlcallproperty (2), librarianchefspec (2), legacyyumcookbookrecipes (2), legacynotifysyntax (2), launchddeprecatedhashproperty (2), includingyumdnfcompatrecipe (2), includingxmlrubyrecipe (2), hwrpwithoutunifiedtrue (2), hwrpwithoutprovides (2), foodcritictesting (2), foodcriticfile (2), executerelativecreateswithoutcwd (2), executepathproperty (2), erlcallresource (2), epicfail (2), eolauditmodeusage (2), easyinstallresource (2), deprecatedyumrepositoryproperties (2), deprecatedyumrepositoryactions (2), deprecatedwindowsversioncheck (2), deprecatedsudoactions (2), deprecatedshelloutmethods (2), deprecatedplatformmethods (2), deprecatedchefspecplatform (2), dependsonomnibusupdatercookbook (2), dependsonchefreportingcookbook (2), dependsonchefnginxcookbook (2), delivery (2), cookbooksdependsonself (2), cookbookdependsonpoise (2), cookbookdependsonpartialsearch (2), cookbookdependsoncompatresource (2), chocolateypackageuninstallaction (2), chefwindowsplatformhelper (2), chefsugarhelpers (2), chefspeclegacyrunner (2), chefspeccoveragereport (2), chefshellout (2), chefrewind (2), chefhandlerusessupports (2), chefhandlerrecipe (2), cheffile (2), chefdkgenerators (2), tmppath (2), supportsmustbefloat (2), serviceresource (2), scopedfileexist (2), resourcewithnoneaction (2), resourcesetsnameproperty (2), resourcesetsinternalproperties (2), propertywithouttype (2), powershellscriptdeletefile (2), powershellfileexists (2), opensslpasswordhelpers (2), octalmodeasstring (2), notifiesactionnotsymbol (2), nodenormalunless (2), nodenormal (2), metadatamissingversion (2), metadatamissingname (2), metadatamalformeddepends (2), malformedplatformvalueforplatformhelper (2), macosuserdefaultsinvalidtype (2), lazyinresourceguard (2), lazyevalnodeattributedefaults (2), invalidversionmetadata (2), invalidplatformvalueforplatformhelper (2), invalidplatformvalueforplatformfamilyhelper (2), invalidplatformmetadata (2), invalidplatformincase (2), invalidplatformhelper (2), invalidplatformfamilyincase (2), invalidplatformfamilyhelper (2), invalidnotificationtiming (2), invalidnotificationresource (2), invaliddefaultaction (2), invalidcookbookname (2), incorrectlibraryinjection (2), emptyresourceguard (2), dnfpackageallowdowngrades (2), cookbookusesnodesave (2), conditionalrubyshellout (2), chefapplicationfatal (2), blockguardwithonlystring (2), correctness (2), v25 (2), v26 (2), tuning (2), failure (2), tiered (2), installation (2), airgap (2), capacity (2), planning (2), plan (2), refresh (2), strategy (2), membership (2), rbac (2), rotate (2), ssl (2), certs (2), separate (2), scale (2), frontend (2), artifactory (2), artifact (2), warm (2), spare (2), connect (2), windows_update_settings (2), windows_power_management (2), windows_password_policy (2), windows_ie_esc (2), windows_firewall (2), windows_disk_encryption (2), windows_desktop_winrm_settings (2), windows_desktop_screensaver (2), windows_defender_exclusion (2), windows_defender (2), windows_choco_installer (2), windows_automatic_logout (2), windows_app_management (2), windows_admin_control (2), rescue_account (2), macos_power_management (2), macos_password_policy (2), macos_firewall (2), macos_disk_encryption (2), macos_desktop_screensaver (2), macos_automatic_software_updates (2), macos_automatic_logout (2), macos_app_management (2), macos_admin_control (2), windows (2), macos (2), zero (2), touch (2), redirect (2), sso (2), opsworks (2), skills (2), administration (2), guides (2), enroll (2), clis (2), non (2), san (2), best (2), practices (2), feature (2), flags (2), architecture (2), administrator (2), incident (2), servicenow (2), marketplace (2), scan (2), reports (2), eas (2), event (2), feed (2), teams (2), policies (2), actions (2), projects (2), lifecycle (2), feeds (2), notifications (2), cleanup (2), monitoring (2), centralize (2), report (2), ingestion (2), invalid (2), login (2), telemetry (2), session (2), timeout (2), disclosure (2), panel (2), collection (2), topics (2), manager (2), bastion (2), sudo (2), password (2), rds (2), vpc (2), cidr (2), load (2), balancer (2), faqs (2), performance (2), benchmarks (2), rotation (2), self (2), signed (2), view (2), bootstrapping (2), generation (2), place (2), existing (2), efs (2), back (2), filesystem (2), customer (2), airgapped (2), tutorial (2), shortcodes (2), front (2), matter (2), reuse (2), hugo (2), procedures (2), tables (2), headings (2), notices (2), markdown (2), lists (2), linking (2), formatting (2), house (2), contribute (2), docs (2), guidelines (2), contributions (2), commercial (2), versions (2), training (2), blog (2), main (2), certain, countries, appropriate, markings, contained, inclusion, imply, endorsement, affiliation, sponsorship, copyright, last, modified, january, cookie, privacy, trademark, site, map, thank, submit, fill, field, ask, still, stuck, help, yes, was, helpful, handles, communication, means, needs, prevents, accessing, shouldn, additional, functionality, many, members, several, them, maintained, endpoints, documentation, older, have, deleted, old_key_name, unwanted, reduce, risks, placing, don, expire, iso, 8601, format, creating, close, text, containing, sent, keyname, yyyy, ddthh, ssz, regenerate, displayed, standard, output, write, either, drifted, actual, than, minutes, syncing, network, protocol, ntp, happen, reasons, host, recently, changed, resolved, explicitly, executable, incorrect, deleting, running, attempt, happening, causes, occurs, likely, 0000, signing, entry, problems, determine, attempting, often, messages, command, unauthorized, failed, 0700, info, some, cases, receive, 403, another, way, objects, whenever, possible, returns, relevant, type, called, backtrace, join, message, calling, exception, rescue, taken, begin, run_list, chef_environment, platform_version, true, turl, tnode, list_by_environment, detail, slow, per, choose, stdout, level, log_level, from_file, mixin, xml_escape, chefserver, installed, previous, examples, assume, working, find, valid, manner, coderanger, api_request, calls, myapp, web1, python, library, meets, easily, saving, similar, esac, know, substr, int, rsautl, inkey, nhashed, chef_user, grep, org_name, needed, opscode, my_org, meat, potatoes, rice, vegetables, preference, newlines, elif, simply, hard, below, chosen, exists, looks, upward, cwd, until, hits, recursive, searches, usr, bin, requires, two, utilities, abstract, said, interacted, sections, describe, few, doing, interface, perform, operations, authorized, handled, automatically, something, deployments, administrators, who, responsible, managing, maintain, reached, february, longer, under, development, replacement, representative, upgrading, life, eol, warning, confirm, want, just, fatal, show_usage, implementation, mynodedelete, class, mycommands, module, put_rest, post_rest, details, description, hidden, optionally, upload, once, uploaded, applies, order, synchronized, control, git, treated, source, including, recipes, attributes, libraries, templates, everything, define, copied, manually, copy, locally, part, initially, installs, but, subsequent, locations, depending, completed, entire, assigns, future, doesn, yet, specific, leveraging, instance, changes, menu, search, skip,


Text of the page (random words):
ient and chef workstation communicate with chef infra server using the chef infra server api each time that chef infra client or chef workstation makes a request to chef infra server they use a special group of http headers and sign the rest with their private key chef infra server then uses the public key to verify the headers and contents chef infra client chef infra client authenticates with the chef infra server using rsa public key pairs each time a chef infra client needs access to data that is stored on the chef infra server this prevents any node from accessing data that it shouldn t and it ensures that only nodes that are properly registered with the chef infra server can be managed knife rsa public key pairs are used to authenticate knife with chef infra server every time knife attempts to access chef infra server this ensures that each instance of knife is properly registered with chef infra server and that only trusted users can make changes to the data knife can also use the knife exec subcommand to make specific authenticated requests to chef infra server knife plugins can also make authenticated requests to chef infra server by leveraging the knife exec subcommand chef validator the private key doesn t yet exist the first time that chef infra client runs from a new node during the first chef infra client run chef infra client uses the chef validator private key located in etc chef validation pem to register with chef infra server chef infra server assigns chef infra client a private key for all future authentication requests to the chef infra server chef infra client saves the private key on the node as etc chef client pem if the request to communicate with chef infra server with the chef validator key fails then the entire first chef infra client run fails after the first completed chef infra client run delete the chef validator private key at etc chef validation pem chef infra server key storage keys are stored in different locations depending on if the location is a node or a workstation nodes each node stores its private key locally this private key is generated as part of the bootstrap process that initially installs chef infra client on the node the first time chef infra client runs on that node it uses the chef validator to authenticate but then on each subsequent run it uses the private key generated for that client by the chef infra server workstations each workstation stores its private key in the user s chef directory this private key is generated by chef infra server and must be download from the server and copied to the chef directory manually if you require a new private key generate it with chef infra server and copy it to the chef directory again the chef repo is a directory on your workstation that stores everything you need to define your infrastructure with chef infra cookbooks including recipes attributes custom resources libraries and templates data bags policyfiles the chef repo directory should be synchronized with a version control system such as git all of the data in the chef repo should be treated like source code you ll use the chef and knife commands to upload data to the chef infra server from the chef repo directory once uploaded chef infra client uses that data to manage the nodes registered with the chef infra server and to ensure that it applies the right cookbooks policyfiles and settings to the right nodes in the right order the chef directory is a hidden directory that is used to store validation key files and optionally a config rb file chef infra server api authentication api requests a knife plugin is a set of one or more subcommands that can be added to knife to support additional functionality that isn t built in to the base set of knife subcommands many of the knife plugins are built by members of the chef community and several of them are built and maintained by chef a knife plugin can be used to make authenticated api requests to the chef infra server using the following methods method description rest delete_rest use to delete an object from the chef infra server rest get_rest use to get the details of an object on the chef infra server rest post_rest use to add an object to the chef infra server rest put_rest use to update an object on the chef infra server for example module mycommands class mynodedelete chef knife an implementation of knife node delete banner knife my node delete node_name def run if name_args length 1 show_usage ui fatal you must specify a node name exit 1 end nodename name_args 0 api_endpoint nodes nodename again we could just call rest delete_rest nodey rest get_rest api_endpoint ui confirm do you really want to delete nodey nodey destroy end end end from chef manage warning chef manage has reached end of life eol as of february 2026 and is no longer under active development or supported migrate to chef 360 platform as a replacement contact your chef account representative for information about upgrading your system chef manage which runs chef infra server s user interface uses the chef infra server api to perform most operations this ensures that authentication requests to chef infra server are authorized this authentication process is handled automatically and is not something that users need to manage for on premises chef infra server deployments the administrators who are responsible for managing the server must maintain the authentication keys used by chef manage other options the most common ways to interact with chef infra server using the chef infra server api abstract the api from the user that said the chef infra server api can be interacted with directly the following sections describe a few of the ways that are available for doing that curl an api request can be made using curl which is a bash shell script that requires two utilities awk and openssl the following example shows how an authenticated request can be made using the chef infra server api and curl usr bin env bash _chef_dir helper function recursive function that searches for chef configuration directory it looks upward from the cwd until it hits if no directory is found chef is chosen if it exists you could simply hard code the path below if pwd then if d chef then echo chef elif d home chef then echo home chef fi return fi if d chef then echo pwd chef else cd _chef_dir fi _chomp helper function to remove newlines awk printf s 0 chef_api_request this is the meat and potatoes or rice and vegetables your preference really local method path body timestamp chef_server_url client_name hashed_body hashed_path local canonical_request headers auth_headers chef_server_url https api opscode com organizations my_org organizations org_name is needed if echo chef_server_url grep q organizations then endpoint organizations chef_server_url organizations 2 else endpoint 2 fi path chef_server_url 2 client_name chef_user method 1 body 3 hashed_path echo n endpoint openssl dgst sha1 binary openssl enc base64 hashed_body echo n body openssl dgst sha1 binary openssl enc base64 timestamp date u y m dt h m sz canonical_request method method nhashed path hashed_path nx ops content hash hashed_body nx ops timestamp timestamp nx ops userid client_name headers h x ops timestamp timestamp h x ops userid client_name h x chef version 0 10 4 h accept application json h x ops content hash hashed_body h x ops sign version 1 0 auth_headers printf canonical_request openssl rsautl sign inkey _chef_dir client_name pem openssl enc base64 _chomp awk ll int length 60 i 0 while i ll printf h x ops authorization s s i 1 substr 0 i 60 1 60 i i 1 case method in get curl_command curl headers auth_headers path curl_command echo unknown method i only know get 2 return 1 esac chef_api_request after saving this shell script to a file named chef_api_request use it similar to the following bash chef_api_request get clients pychef an api request can be made using pychef which is a python library that meets the mixlib authentication requirements so that it can easily interact with chef infra server the following example shows how an authenticated request can be made using the chef infra server api and pychef from chef import autoconfigure node api autoconfigure n node web1 print n fqdn n myapp version 1 0 n save and the following example shows how to make api calls directly from chef import autoconfigure api autoconfigure print api api_request get clients the previous examples assume that the current working directory is such that pychef can find a valid configuration file in the same manner as chef infra client or knife for more about pychef see https github com coderanger pychef ruby on a system with chef infra client installed use ruby to make an authenticated request to chef infra server require chef config require chef log require chef rest chef_server_url https chefserver com client_name clientname signing_key_filename path to pem for clientname rest chef rest new chef_server_url client_name signing_key_filename puts rest get_rest clients or require mixlib cli require chef require chef node require chef mixin xml_escape require json config_file c chef client rb chef config from_file config_file chef log level chef config log_level def usage puts etc chef client rb the config file location e g home chef config rb etc config_file gets chomp if file exist config_file puts config_file config_file does not exist exiting n exit end stdout puts eof choose options e g 1 1 display all nodes per environment 2 display all nodes in detail can be slow if there a large number of nodes 9 exit eof end def executeuserchoice testoption gets chomp case testoption when 1 execute method displaynodesperenv when 2 execute method displaynodesdetail when 9 puts exit else puts unknown option testoption exiting n exit end end def displaynodesperenv chef environment list false each do envr print environment envr 0 n chef node list_by_environment envr 0 false each do node_info print tnode node_info 0 n print t turl node_info 1 n end end end def displaynodesdetail chef node list true each do node_array node node_array 1 print node name n print t node fqdn n print t node kernel machine n print t node kernel os n print t node platform n print t node platform_version n print t node chef_environment n print t node run_list roles n end end def execute option begin profilestart time now option call profileend time now timeofrun profileend profilestart print time taken timeofrun rescue exception ex print error calling chef api print ex message print ex backtrace join n end end usage executeuserchoice another way ruby can be used with the chef infra server api is to get objects from chef infra server and then interact with the returned data using ruby methods whenever possible the chef infra server api returns an object of the relevant type the returned object is then available to be called by other methods for example the api get method can be used to return a node named foobar and then destroy can be used to delete that node silly_node api get nodes foobar silly_node destroy debug authentication issues in some cases chef infra client may receive a 401 response to the authentication request and a 403 response to an authorization request an authentication error error may look like the following wed 05 oct 2011 15 43 34 0700 info http request returned 401 unauthorized failed to authenticate as node_name ensure that your node_name and client key are correct to debug authentication problems determine which chef infra client is attempting to authenticate this is often found in the log messages for that chef infra client debug logging can be enabled on a chef infra client using the following command chef client l debug when debug logging is enabled a log entry will look like the following wed 05 oct 2011 22 05 35 0000 debug signing the request as node_name if the authentication request occurs during the initial chef infra client run the issue is most likely with the private key if the authentication is happening on the node there are a number of common causes the client pem file is incorrect this can be fixed by deleting the client pem file and re running chef infra client when chef infra client re runs it will re attempt to register with the chef infra server and generate the correct key a node_name is different from the one used during the initial chef infra client run this can happen for a number of reasons for example if the client rb file does not specify the correct node name and the host name has recently changed this issue can be resolved by explicitly setting the node name in the client rb file or by using the n option for the chef infra client executable the system clock has drifted from the actual time by more than 15 minutes this can be fixed by syncing the clock with an network time protocol ntp server update a user s key pair for authenticating with chef infra server you can update a user s key pair on chef infra server with knife using either the knife user reregister subcommand or the knife user key subcommands knife user reregister use knife user reregister to regenerate an rsa key pair for a user knife will store the public key on chef infra server and the private key will be displayed in the standard output or use the file option to write to a named file knife user reregister username options knife user key you can list add edit and delete public keys using the following subcommands knife user key create knife user key delete knife user key list knife user key edit note you can t modify a public key while using that same key to authenticate with chef infra server to update a user s key pair using the knife user key subcommands create a new key pair and then delete the old key pair to update a user s key pair check the current keys associated with the user knife user key list username create a new key pair knife user key create username key name keyname expiration date yyyy mm ddthh mm ssz file filename knife will open your text editor with a data file containing the username key name and key pair expiration date that will be sent to chef infra server modify the username key name and key expiration date to match the new key pair that you are creating then save the file and close your editor knife will also generate a new private key pem file using the specified filename note specify the expiration date in iso 8601 format the expiration date is optional user keys don t expire if an expiration date isn t specified make the new user key active by placing the generated pem file in the chef directory on your workstation open your config rb file or credentials file and modify it to match the new key name check the list of current keys associated with the user knife user key list username delete any old or unwanted keys to reduce security risks knife user key delete username old_key_name check the list of current keys associated with the user to verify that the new key has been added and any older keys have been deleted knife user ke...
Images from subpage: "docs.chef.io/automate/chef_infra_external_cookbooks_in_chef_... " Verify
Images from subpage: "docs.chef.io/automate/backup/" Verify
Images from subpage: "docs.chef.io/automate/log_management/" Verify
Images from subpage: "docs.chef.io/automate/centralize_logs/" Verify
Images from subpage: "docs.chef.io/automate/audit_log_object_storage/" Verify

The site also has references to the 2 subdomain(s)

  chef.io  Verify   community.chef.io  Verify


The site also has 1 references to external domain(s).

 github.com  Verify


Top 50 hastags from of all verified websites.

Supplementary Information (add-on for SEO geeks)*- See more on header.verify-www.com

Header

HTTP/2 301
cache-status Netlify Edge ; fwd=miss
content-type text/html
date Tue, 30 Jun 2026 14:02:18 GMT
location /server/auth/
server Netlify
strict-transport-security max-age=31536000
x-nf-request-id 01KWCDCZTPY4C2MENX0XKW7PK7
content-length 98
HTTP/2 200
accept-ranges bytes
age 0
cache-control public,max-age=0,must-revalidate
cache-status Netlify Edge ; fwd=miss
content-encoding gzip
content-type text/html; charset=UTF-8
date Tue, 30 Jun 2026 14:02:18 GMT
etag 57c2582bd51aa9712831c3eda2972e06-ssl-df
permissions-policy vibrate=(), geolocation=(), midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
referrer-policy no-referrer-when-downgrade
server Netlify
strict-transport-security max-age=2592000
vary Accept-Encoding
x-content-type-options nosniff
x-frame-options DENY
x-nf-request-id 01KWCDD05YDSYSH2ZQWQBANJ16
x-xss-protection X-XSS-Protection: 1

Meta Tags

title="Authentication"
charset="utf-8"
name="description" content="The Chef Infra Server API handles all communication between Chef Infra Client or Chef Workstation. The Chef Infra Server API is an authenticated REST API, which means all requests require authentication and authorization. The Chef Infra tools such as knife and chef-server commands use the Chef Infra Server API for you. The authentication process ensures that Chef Infra Server only responds to requests made by trusted users or clients. Chef Infra Server uses public key encryption. You create the public and private keys when you configure Chef Infra Client or setup Chef Workstation."
http-equiv="x-ua-compatible" content="ie=edge"
name="viewport" content="width=device-width,initial-scale=1"
name="robots" content
class="swiftype" name="chef-product" data-type="string" content="server"
name="hugo_env" content="production"

Load Info

page size185412
load time (s)0.803051
redirect count1
speed download41119
server IP 15.197.167.90
* all occurrences of the string "http://" have been changed to "htt???/"