chef - [chef] Re: secure knife use

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: secure knife use

From: Daniel Condomitti < >
To: " " < >
Subject: [chef] Re: secure knife use
Date: Thu, 17 Jan 2013 19:11:57 -0800

They would need your client certificate to do anything. That should only be on the machine you're running knife on, not in source control. If you still want ip restrictions do it with firewall rules or source filtering in something in front of chef-server (nginx, etc)

On Jan 17, 2013, at 7:09 PM, Tim Dunphy < "> > wrote:

Hello list,

�Is there a way to secure my community chef server so that one may only use knife commands from specific IPs. My friend made a valid point that if anyone were able to hack my git server (unlikely but possible) they would be able to wreak havok on my infrastructure using my own chef server. Any thoughts on this?

Thanks
Tim

--
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B

[chef] secure knife use, Tim Dunphy, 01/17/2013
- [chef] Re: secure knife use, Daniel Condomitti, 01/17/2013
  - [chef] Re: Re: secure knife use, Tim Dunphy, 01/18/2013