[chef] Handling of encrypted data bag keys


  • From: Thom May < >
  • To:
  • Subject: [chef] Handling of encrypted data bag keys
  • Date: Thu, 11 Apr 2013 12:00:49 +0100

Hey,
how are people handling the distribution of encryption keys for data bags? It seems unfortunate to have to copy out the encryption key at bootstrap time, but having it as a cookbook file is daft.
So then I was thinking I'd have the key on a private S3 bucket, which could then be accessed with signed URLs.
But then I thought, if we're doing that, why bother putting the file on disk at all? Just download the contents at the start of the chef run, use it for the duration, and let the key go away when the chef process dies.
Am I missing something?
-T
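Added illustration of the in-memory approach described in the post (this is not Thom's code and not Chef's own library code): the secret is obtained from a fetcher, held only in a block scope, used to decrypt encrypted data bag fields, and scrubbed afterwards. The field layout assumed here is Chef's encrypted data bag version 1 (AES-256-CBC, key = SHA-256 of the shared secret, IV stored base64 next to the ciphertext, plaintext JSON `{"json_wrapper": value}`); the fetcher is stubbed with a constructed secret where a real run would do an HTTP GET of a pre-signed S3 URL.

```ruby
require 'openssl'
require 'digest'
require 'json'
require 'base64'

# Assumed Chef encrypted data bag v1 field layout (see lead-in).
CIPHER = 'aes-256-cbc'

# Encrypts one value the way a v1 data bag field is stored; used here
# only to construct sample data inline.
def encrypt_field(value, secret)
  cipher = OpenSSL::Cipher.new(CIPHER).encrypt
  cipher.key = Digest::SHA256.digest(secret)
  iv = cipher.random_iv
  ct = cipher.update(JSON.generate('json_wrapper' => value)) + cipher.final
  { 'encrypted_data' => Base64.strict_encode64(ct),
    'iv' => Base64.strict_encode64(iv), 'version' => 1, 'cipher' => CIPHER }
end

# Decrypts one v1 field; a wrong secret fails at cipher.final or JSON.parse.
def decrypt_field(field, secret)
  raise "unsupported version #{field['version']}" unless field['version'] == 1
  d = OpenSSL::Cipher.new(field['cipher']).decrypt
  d.key = Digest::SHA256.digest(secret)
  d.iv = Base64.decode64(field['iv'])
  pt = d.update(Base64.decode64(field['encrypted_data'])) + d.final
  JSON.parse(pt)['json_wrapper']
end

# Every field except the plaintext "id" is encrypted.
def decrypt_item(item, secret)
  item.each_with_object({}) do |(k, v), out|
    out[k] = k == 'id' ? v : decrypt_field(v, secret)
  end
end

# The secret comes from a fetcher (in practice an HTTP GET of a pre-signed
# S3 URL), lives only inside this block, is never written to disk, and is
# overwritten (best effort) once the block returns.
def with_secret(fetcher)
  secret = fetcher.call
  yield secret
ensure
  secret.replace('0' * secret.bytesize) if secret
end

# Constructed sample data; not a real secret or data bag.
CONSTRUCTED_SECRET = 'example-data-bag-secret-not-real'
CONSTRUCTED_ITEM = { 'id' => 'db',
                     'password' => encrypt_field('s3cr3t', CONSTRUCTED_SECRET) }

def demo
  with_secret(-> { CONSTRUCTED_SECRET.dup }) { |s| decrypt_item(CONSTRUCTED_ITEM, s) }
end
```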


