- From: Noah Kantrowitz
- To: Bryan Taylor
- Cc: "Dev"
- Subject: [chef-dev] Re: How Secure is an encrypted data bag, really?
- Date: Thu, 3 Oct 2013 22:50:49 -0700
The specific protection you get from encrypted data bags is just: if the database of the server is disclosed, they can't get the encrypted info. This is a very specific, but useful, bit of cryptographic safety, but that's basically all you get (you can go a bit further if you want to check them into source control and apply the same logic to your SCM). As you noted, an actively hostile Chef server is a 100% game over scenario because it is shipping executable code to be run as root (usually) on your servers. If you want some different security assurances, you could check out chef-vault, though it still can't protect against a hostile Chef server.

--Noah
On Oct 3, 2013, at 10:23 PM, Bryan Taylor wrote:

> If an attacker gains access to the chef server, can they not alter cookbook code that chef clients eventually run to obtain the data bag decryption keys this way? Is there any protection against this? If not, are there still scenarios where the encryption does add value?
Attachment: signature.asc (Message signed with OpenPGP using GPGMail)