chef - [chef] Re: Re: Re: Sensitive Data w/ Solo

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: Re: Re: Sensitive Data w/ Solo

From: Ruby Newbie < >
To:
Subject: [chef] Re: Re: Re: Sensitive Data w/ Solo
Date: Fri, 18 Jun 2010 15:46:54 -0400

Hey, Michael.

On Jun 18, 2010, at 2:48 PM, Michael Guterl wrote:
> I'm still relatively new to Chef and I may be missing something
> obvious. If you don't keep the secrets directory as part of the repo,
> how do you get the secrets to the server that you're provisioning?
Sorry, my first response wasn't clear. I guess that the whole discussion
around where to store secret data is motivated by security concerns, so
instead of asking whether the secrets are "part of" the configuration repo,
perhaps we should address:
1) Whether the secret data is stored in the same source-code-management
repository as the rest of the config; and
2) Whether the secrets are available to people who need to configure new
nodes (whether using chef-client, or chef-solo).

Presumably we all would like to make sure that the answer to the first
question is "no". Both of the mechanisms described so far in response to your
inquiry (merging the secrets into a special role at launch time, and storing
them in some external server, like Chef's own data bags) satisfy this
condition.

However, I can't think of an easy way to satisfy the second condition. Any
person in your organization who requires the capability to configure nodes,
is ultimately going to require SOME level of access to whatever secrets those
nodes need. Even if the secrets are stored in some Kerberos-like,
time-limited key server, at some point the data needed to authenticate to
THAT needs to be generated and given to the node.

So the important thing for my team was just to make sure that secrets are
properly compartmentalized, so that developers, testers, and production ops
personnel can all use the same shared config without overly compromising
security. When production nodes are launched, they pull the secrets from the
special-purpose role stored in the Chef server, but when I want to try out a
node configuration using Chef solo, I have a rake task that does the
following:
1) Uses a single rsync command to push both the Chef configuration repo and
the secrets (that are symlinked beneath the config repo, but again, not
stored in Git).
2) Opens an SSH connection and runs chef-solo, passing the same JSON launch
data as would have been used in client-server mode.

Again, this method satisfies the first security-related condition, but not
the second.

Hope this helps,
- R. Newbie

[chef] Sensitive Data w/ Solo, Michael Guterl, 06/17/2010
- [chef] Re: Sensitive Data w/ Solo, Lee Azzarello, 06/17/2010
  - [chef] Re: Re: Sensitive Data w/ Solo, Michael Guterl, 06/18/2010
- [chef] Re: Sensitive Data w/ Solo, Ruby Newbie, 06/17/2010
  - [chef] Re: Re: Sensitive Data w/ Solo, Erik Kastner, 06/17/2010
  - [chef] Re: Re: Sensitive Data w/ Solo, Michael Guterl, 06/18/2010
    - [chef] Re: Re: Re: Sensitive Data w/ Solo, Ruby Newbie, 06/18/2010
      - [chef] Re: Re: Re: Re: Sensitive Data w/ Solo, Ruby Newbie, 06/18/2010
        
        [chef] Re: Re: Re: Re: Re: Sensitive Data w/ Solo, Dreamcat4, 06/19/2010
        
        [chef] Re: Re: Re: Re: Re: Sensitive Data w/ Solo, Michael Guterl, 06/20/2010
- [chef] Re: Sensitive Data w/ Solo, Michael Guterl, 06/18/2010