On Thursday, April 11, 2013 at 4:45 PM, Thom May wrote:
Hey,how are people handling the distribution of encryption keys for data bags? It seems unfortunate to have to copy out the encryption key at bootstrap time, but having it as a cookbook file is daft.So then I was thinking I'd have the key on a private s3 bucket, which could then be accessed with signed urls.But then I thought, if we're doing that, why bother putting the file on disk at all? Just download the contents at the start of the chef run, use it for the duration, and let the key go away when the chef process dies.Am I missing something?-T
Archive powered by MHonArc 2.6.16.