- From: Brad Knowles
- To:
- Cc: Brad Knowles
- Subject: [chef] Re: Encrypted Databags are a Code Smell
- Date: Mon, 16 Sep 2013 14:49:25 -0500
On Sep 16, 2013, at 1:54 PM, Booker Bense wrote:

> http://fredthemagicwonderdog.blogspot.com/2013/09/chef-encrypted-data-bags-are-code-smell.html
>
> The more I think about it, the more I think encrypted data bags aren't the
> solution.

The problem that was intended to be solved by encrypted data bags is where
you share the Chef Server infrastructure with one or more other parties, and
where you do not trust that infrastructure. Therefore, you encrypt your data
bag content before uploading it to the Chef Server, and on the other end you
decrypt it after you download the data bag content from the Chef Server.
This is done with symmetric encryption keys.

In other words, they're solving the problem of not trusting a Hosted Chef
environment.

Encrypted data bags were never intended to do anything else. Anyone who uses
them for anything else is just setting themselves up for future pain and
problems. Anyone who recommends that anyone use them for anything else is
being foolish and reckless.

I'm not convinced that Chef Vault is anything of an improvement in this
space, except perhaps for the issue of how to distribute a shared symmetric
encryption key. I'm still trying to figure out how I feel about that.

Meanwhile, if we could completely eliminate the shared symmetric encryption
key and use asymmetric public key cryptography instead, I think that would go
a long ways towards solving at least some of the problems.

I know that Chef Vault tries to do this to a degree, but I am not convinced
that they have covered all or even most of the holes that need to be
addressed.

--
Brad Knowles
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
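An added illustration, not from this thread and not Chef's or chef-vault's own code, of the two models the message contrasts: the shared-symmetric-key encrypted data bag, where the Chef Server only ever stores ciphertext but every reader holds the same key, and a per-node wrapping of that key under each node's RSA public key, in the spirit of chef-vault. The hash layout and the function names (`seal_item`, `open_item`, `wrap_secret`, `unwrap_secret`) are constructed for this example and are not Chef's actual encrypted data bag format.

```ruby
require 'openssl'
require 'base64'

# Shared-key model (what encrypted data bags do): the item is encrypted with one
# AES key before upload, so the Chef Server only ever stores ciphertext. Every
# node that must read it holds the same long-lived key. The hash layout here is
# constructed for this example and is not Chef's own encrypted data bag format.
def seal_item(plaintext, secret)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = OpenSSL::Digest::SHA256.digest(secret)
  iv = cipher.random_iv
  ciphertext = cipher.update(plaintext) + cipher.final
  { 'cipher' => 'aes-256-gcm',
    'iv' => Base64.strict_encode64(iv),
    'auth_tag' => Base64.strict_encode64(cipher.auth_tag),
    'encrypted_data' => Base64.strict_encode64(ciphertext) }
end

# GCM authenticates the ciphertext, so an untrusted server (or another tenant)
# that alters the stored item, or a reader holding the wrong key, gets an
# OpenSSL::Cipher::CipherError instead of silently decrypting to garbage.
def open_item(item, secret)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = OpenSSL::Digest::SHA256.digest(secret)
  cipher.iv = Base64.strict_decode64(item['iv'])
  cipher.auth_tag = Base64.strict_decode64(item['auth_tag'])
  cipher.update(Base64.strict_decode64(item['encrypted_data'])) + cipher.final
end

# Per-node wrapping (the asymmetric direction the mail argues for, as chef-vault
# does): rather than distributing the same shared secret to every node, encrypt
# it to each authorised node's RSA public key. A node absent from the map cannot
# recover the secret, and the server still sees only ciphertext.
def wrap_secret(secret, node_pubkeys)
  node_pubkeys.transform_values do |pub|
    Base64.strict_encode64(pub.public_encrypt(secret, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING))
  end
end

# Only a node whose name is in the wrapped map, and that holds the matching
# private key, gets the secret back; everyone else is refused up front.
def unwrap_secret(wrapped, node_name, node_privkey)
  blob = wrapped[node_name] or raise "node #{node_name} is not authorised"
  node_privkey.private_decrypt(Base64.strict_decode64(blob), OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING)
end
```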