Set the ejabberd postgresql user from an encrypted data bag

site-cookbooks/kosmos-ejabberd/recipes/default.rb

@@ -27,25 +27,18 @@ dpkg_package "ejabberd" do
   notifies :create, "file[/lib/systemd/system/ejabberd.service]", :immediately
 end
 
-postgresql_connection_info = {
-    host:     '127.0.0.1',
-    port:     5432,
-    username: 'postgres',
-    password: node['postgresql']['password']['postgres']
-}
+postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
+ejabberd_user_password = postgresql_data_bag_item['ejabberd_user_password']
 
 postgresql_database 'ejabberd' do
-  connection postgresql_connection_info
   action :create
   notifies :run, "execute[create db schema]", :delayed
 end
 
-postgresql_database_user 'ejabberd' do
-  connection postgresql_connection_info
-  password   'super_secret'
-  database_name 'ejabberd'
-  privileges    [:all]
-  action     [:create, :grant]
+postgresql_user 'ejabberd' do
+  password ejabberd_user_password
+  database 'ejabberd'
+  action     [:create]
 end
 
 execute "create db schema" do
@@ -58,7 +51,7 @@ template "/opt/ejabberd/conf/ejabberd.yml" do
   source    "ejabberd.yml.erb"
   mode      0640
   sensitive true
-  variables pgsql_password: "super_secret"
+  variables pgsql_password: ejabberd_user_password
   notifies :run, "execute[ejabberdctl reload_config]", :delayed
 end