[chef] Re: Re: Re: Re: sensitive data best practices

[Thom May < >]

On Thu, Sep 9, 2010 at 06:02, Adam Jacob 
<
 >
 wrote:
>
> I think any good answer to this question is going to involve lots of
> thinking about the exact use cases.  For example, I've built a
> password escrow service before specifically for passing the Sarbanes
> Oxley audit requirement that developers not have access to production
> passwords for financial systems.  It stored the actual secret on a
> secured machine, and granted access to production systems through
> indirection, and updated configuration templates or services on
> demand.  It worked for the use case, but I don't think it's general
> purpose applicable here.
>
> Is the primary use case people storing passwords?

I wonder if ACLs might not be a reasonable way of securing this;
be able to have "secure" attributes that you can ACL differently to
normal attributes.
It's obviously not good enough to pass SOX or PCI, but for day to day
use cases like
giving developers access to chef but remove their ability to view
production passwords
it's probably good enough.

-Thom