- From: Michael Guterl <
>
- To:
- Subject: [chef] Re: Re: Sensitive Data w/ Solo
- Date: Fri, 18 Jun 2010 14:48:30 -0400
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=UBDqzT3jGxxvqawrn0u5MmYLGdqErLXwZxsHBsKkEFwQLFR3tqJEK+OlYuVWcUoZP4 BimTWZA28uOkFPir4zMNpA4TKRqxp5h4EQAQQk3qibCKRi1ULPYoxwUUpWhe8Agc8hAc doP6+4SXaBR3VQ5pchAJHpY/kmbVLqJAlUXOg=
On Thu, Jun 17, 2010 at 12:59 PM, Ruby Newbie
<
>
wrote:
>
Ohai, Michael.
>
>
On Jun 17, 2010, at 12:25 PM, Michael Guterl wrote:
>
> I'm curious how others are handling sensitive information (passwords,
>
> ssh keys, etc) that may be part of a chef cookbook
>
For now, I have been keeping such data a 'secrets' directory that is
>
located within my Chef operations repo, but is not actually *part* of the
>
repo (using gitignore). Most of the secrets are contained in a JSON file,
>
as Chef attributes, but there are also some flat files (the current Chef
>
server validation.pem, apache SSL certs, etc.), which are used by other
>
software systems, in addition to chef-client (like knife).
>
I'm still relatively new to Chef and I may be missing something
obvious. If you don't keep the secrets directory as part of the repo,
how do you get the secrets to the server that you're provisioning?
Best,
Michael Guterl
Archive powered by MHonArc 2.6.16.