chef - [chef] Re: sensitive data best practices

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: sensitive data best practices

From: Adam Jacob < >
To:
Subject: [chef] Re: sensitive data best practices
Date: Wed, 8 Sep 2010 09:15:42 -0700

We've had a couple of different approaches. One is to store secrets
in data bags, another is to store it as node attribute data.

A third alternative would be to encrypt the data yourself, and then
deal with key distribution. You can't avoid this - at some point, if
you want the data to be both available and secure, you'll have to
encrypt it, and you'll have to distribute the keys.

Adam

On Mon, Sep 6, 2010 at 7:57 PM, Andrew Shafer
< >
wrote:
>
> How are people sensitive data?
> For example 'passwords'... not just passwords for the nodes but for other
> services like mysql that are running.
> Anyone doing something they think is awesomely secure?
>
>
>
>
>
>

--
Opscode, Inc.
Adam Jacob, CTO
T: (206) 508-7449 E:

[chef] sensitive data best practices, Andrew Shafer, 09/06/2010
- [chef] Re: sensitive data best practices, Jon Wood, 09/07/2010
- [chef] Re: sensitive data best practices, Adam Jacob, 09/08/2010
  - [chef] Re: Re: sensitive data best practices, Jesse Nelson, 09/08/2010
    - [chef] Re: Re: Re: sensitive data best practices, Adam Jacob, 09/08/2010
      - [chef] Re: Re: Re: Re: sensitive data best practices, Thom May, 09/09/2010
      - [chef] Re: Re: Re: Re: sensitive data best practices, Nygard, Michael, 09/09/2010
        
        [chef] Re: Re: Re: Re: Re: sensitive data best practices, Jim Hopp, 09/09/2010