[chef] RE: Re: attributes for passwords?

["Dan Prince" < >]

Thanks for your reply Dan.

I'll talk this over with some of our guys and perhaps enter a feature ticket 
for something along these lines.

Regards,

Dan

-----Original Message-----
From: "Daniel DeLeo" 
<
 >
Sent: Monday, May 10, 2010 11:52pm
To: 

 
Subject: [chef] Re: attributes for passwords?

We don't have a great solution for that yet.

The basic infrastructure is in place--client connections are signed
with a private key that is (in practice) unique to the node. So it
should be possible to run that backwards and encrypt a string with the
public key so only the node could read it. We don't have any plans
right now to implement such a thing, so someone would need to
contribute it.

Dan DeLeo

On Mon, May 10, 2010 at 1:00 PM, Dan Prince 
<
 >
 wrote:
> What are the general thoughts on using attributes (properties) for 
> passwords. If password attributes are stored in the central Chef Server any 
> Chef client/node can potentially query the password attributes of another 
> node on the network. Right?
>
> Are other people storing passwords for things like database connection 
> strings in attributes? Is there anything in the pipe that would protect 
> nodes from reading each others password attributes? Perhaps a mask function 
> to secure a subset of attributes so that nodes would only be able to query 
> each others non-secure attributes.
>
> Dan
>
>