chef-dev - [chef-dev] Re: How Secure is an encrypted data bag, really?

Subscribers: 756
Owners
Adam Jacob
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

Chef Developers

[chef-dev] Re: How Secure is an encrypted data bag, really?

From: Joshua Miller < >
To: Bryan Taylor < >
Cc: " Dev" < >
Subject: [chef-dev] Re: How Secure is an encrypted data bag, really?
Date: Thu, 3 Oct 2013 22:25:39 -0700

Mostly you chef repo will not contain private info if you use encrypted data bags wisely. This allows you to share it with everyone with little concern they are going to get sensitive information.

Joshua

Joshua Miller

Sent with Sparrow

On Thursday, October 3, 2013 at 10:23 PM, Bryan Taylor wrote:

If an attacker gains access to the chef server, can they not alter cookbook code that chef clients eventually run to obtain the data bag decryption keys this way? Is there any protection against this? If not, are there still scenarios where the encryption does add value?

[chef-dev] How Secure is an encrypted data bag, really?, Bryan Taylor, 10/03/2013
- [chef-dev] Re: How Secure is an encrypted data bag, really?, Joshua Miller, 10/03/2013
  - [chef-dev] Re: How Secure is an encrypted data bag, really?, Bryan Taylor, 10/03/2013
    - [chef-dev] Re: How Secure is an encrypted data bag, really?, Joshua Miller, 10/04/2013
- [chef-dev] Re: How Secure is an encrypted data bag, really?, Noah Kantrowitz, 10/04/2013
  - [chef-dev] Re: How Secure is an encrypted data bag, really?, Bryan Taylor, 10/04/2013
- [chef-dev] Re: How Secure is an encrypted data bag, really?, Peter Loron, 10/04/2013