- From: Michael Guterl <
>
- To:
- Subject: [chef] Re: Sensitive Data w/ Solo
- Date: Fri, 18 Jun 2010 15:09:41 -0400
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=hjILeYoqS4Y+alOjekJ/geLK4tqkia59FBh4vXvd5bvLlMkcbKrlIgucO/XTBnMsnp FATi3SRQ/TufD/x20QDp1bcREnEELlDUnsdhqJkoYni2UCCa6DTU3+FXUtmbkYvN9ljG b1r0TPsEW/b2WWzqUiAcQ6bmAa2Ztqr5XTJ2w=
On Thu, Jun 17, 2010 at 12:25 PM, Michael Guterl
<
>
wrote:
>
I'm curious how others are handling sensitive information (passwords,
>
ssh keys, etc) that may be part of a chef cookbook... Keeping the
>
repository private is one option, however, that will require either
>
generating an ssh key pair and providing the public key to the git
>
repo's ssh server or using a shared set of ssh keys that is used only
>
for accessing the git repository. Can anyone provide some insight into
>
the best practices for this?
>
>
I asked this question earlier today on IRC, kallistec suggested using
>
data bags, but I'm using chef-solo so that is out of the question.
>
Given the variety of replies that I have received, I realize I may
have not explained myself as good as I could have. I appreciate all
of the replies I have received thus far, although I still don't know
if any of them will help my particular case.
I have created a gist with the bootstrap.sh script I'm using:
https://gist.github.com/557d9694a9606b9edbeb
In order to gain access to the private repository I have to either use
a set of shared SSH keys that github is already setup with or I have
to generate a new set of SSH keys and somehow let github know about
the new public key.
I think a set of shared keys is probably the easiest approach,
however, storing the text of the keys in the bootstrap script seems
wrong.
Is anyone dealing with anything similar?
Best,
Michael Guterl
Archive powered by MHonArc 2.6.16.