chef - [chef] Re: attributes for passwords?

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: attributes for passwords?

From: Daniel DeLeo < >
To:
Subject: [chef] Re: attributes for passwords?
Date: Mon, 10 May 2010 20:52:06 -0700

We don't have a great solution for that yet.

The basic infrastructure is in place--client connections are signed
with a private key that is (in practice) unique to the node. So it
should be possible to run that backwards and encrypt a string with the
public key so only the node could read it. We don't have any plans
right now to implement such a thing, so someone would need to
contribute it.

Dan DeLeo

On Mon, May 10, 2010 at 1:00 PM, Dan Prince
< >
wrote:
> What are the general thoughts on using attributes (properties) for
> passwords. If password attributes are stored in the central Chef Server any
> Chef client/node can potentially query the password attributes of another
> node on the network. Right?
>
> Are other people storing passwords for things like database connection
> strings in attributes? Is there anything in the pipe that would protect
> nodes from reading each others password attributes? Perhaps a mask function
> to secure a subset of attributes so that nodes would only be able to query
> each others non-secure attributes.
>
> Dan
>
>

[chef] attributes for passwords?, Dan Prince, 05/10/2010
- [chef] Re: attributes for passwords?, Daniel DeLeo, 05/10/2010
  - [chef] RE: Re: attributes for passwords?, Dan Prince, 05/11/2010