[chef] Re: Re: Encrypted Databags are a Code Smell


  • From: Booker Bense
  • Subject: [chef] Re: Re: Encrypted Databags are a Code Smell
  • Date: Mon, 16 Sep 2013 14:22:19 -0700




On Mon, Sep 16, 2013 at 12:49 PM, Brad Knowles wrote:
> On Sep 16, 2013, at 1:54 PM, Booker Bense wrote:
>
>> http://fredthemagicwonderdog.blogspot.com/2013/09/chef-encrypted-data-bags-are-code-smell.html
>>
>> The more I think about it, the more I think encrypted data bags aren't the solution.
>
> The problem that was intended to be solved by encrypted data bags is where you share the Chef Server infrastructure with one or more other parties, and where you do not trust that infrastructure.  Therefore, you encrypt your data bag content before uploading it to the Chef Server, and on the other end you decrypt it after you download the data bag content from the Chef Server.  This is done with symmetric encryption keys.
>
> In other words, they're solving the problem of not trusting a Hosted Chef environment.


If you don't trust Hosted Chef to keep your keys, why are you trusting it to keep code you run as root on your system? There is some value to EDB in the Hosted Chef scenario. It certainly helps with the problem of leaking data via backups, code repos, etc., even outside the Hosted Chef scenario.

But EDBs don't solve the problem of putting a secret on the machine in the first place. They just change which secret needs to be installed. If you've got a process for installing the key for the EDB, why not just use that to install your secret and avoid the exposure of Hosted Chef altogether?

- Booker C. Bense 
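The mechanism Brad describes (encrypt the item with a shared symmetric key before upload, decrypt it on the node after download) and Booker's objection (the node still needs the shared key placed on it by some other channel) can both be seen in a small round trip. The block below is an added illustration written for this archive page; it is not code from the thread and not Chef's implementation. The envelope fields, the key derivation (SHA-256 of the secret file contents), the choice of AES-256-GCM, keeping `id` in the clear, and the `SAMPLE_SECRET` value are all assumptions made for the example and do not claim to match Chef's actual encrypted-data-bag format.

```ruby
# Added example, not Chef's own code. A simplified encrypted-data-bag round
# trip: what the server stores versus what a node with the secret recovers.
# Field names, key derivation and cipher choice are assumptions for
# illustration, not Chef's exact format.
require "openssl"
require "json"

# Constructed stand-in for the contents of the node's secret file. The whole
# point of the thread is that *this* value still has to reach the node by
# some channel other than the Chef Server.
SAMPLE_SECRET = "a-long-random-shared-secret-distributed-out-of-band"

# Assumed key derivation: the 32-byte SHA-256 digest of the secret file.
def derive_key(secret)
  OpenSSL::Digest::SHA256.digest(secret)
end

# Encrypt every field of a data bag item except "id" (kept in the clear so the
# item stays addressable). Each field gets a fresh random IV and its name is
# bound in as associated data, so ciphertexts cannot be swapped between fields.
def encrypt_item(item, secret)
  key = derive_key(secret)
  item.each_with_object({}) do |(field, value), out|
    next out[field] = value if field == "id"
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = key
    iv = cipher.random_iv
    cipher.auth_data = field
    # Wrap the value in JSON so non-string values (ints, hashes) survive.
    plaintext = JSON.generate("json_wrapper" => value)
    ciphertext = cipher.update(plaintext) + cipher.final
    out[field] = {
      "encrypted_data" => [ciphertext].pack("m0"),
      "iv"             => [iv].pack("m0"),
      "auth_tag"       => [cipher.auth_tag].pack("m0"),
      "cipher"         => "aes-256-gcm",
    }
  end
end

# Reverse of encrypt_item. Raises OpenSSL::Cipher::CipherError when the secret
# is wrong or the ciphertext/tag was tampered with.
def decrypt_item(encrypted_item, secret)
  key = derive_key(secret)
  encrypted_item.each_with_object({}) do |(field, value), out|
    next out[field] = value if field == "id"
    cipher = OpenSSL::Cipher.new(value["cipher"]).decrypt
    cipher.key = key
    cipher.iv = value["iv"].unpack1("m0")
    cipher.auth_tag = value["auth_tag"].unpack1("m0")
    cipher.auth_data = field
    plaintext = cipher.update(value["encrypted_data"].unpack1("m0")) + cipher.final
    out[field] = JSON.parse(plaintext)["json_wrapper"]
  end
end

# What a (possibly untrusted) Chef Server, its backups and any repo holding the
# uploaded JSON would see: ciphertext and IVs only.
def server_view(item, secret)
  JSON.generate(encrypt_item(item, secret))
end

# Can a node holding `secret` read the item? True only for the node that was
# provisioned with the right secret file.
def node_can_read?(encrypted_item, secret)
  decrypt_item(encrypted_item, secret)
  true
rescue OpenSSL::Cipher::CipherError
  false
end

if __FILE__ == $0
  item = { "id" => "db", "password" => "hunter2", "port" => 5432 }  # constructed
  puts "server stores: #{server_view(item, SAMPLE_SECRET)}"
  p decrypt_item(encrypt_item(item, SAMPLE_SECRET), SAMPLE_SECRET)
  p node_can_read?(encrypt_item(item, SAMPLE_SECRET), "some-other-secret")
end
```

Run it and note what the two halves show: the server-side JSON contains no plaintext values, which is the backup and repo-leak benefit Booker concedes; and `node_can_read?` flips to false for any node without `SAMPLE_SECRET`, which is the residual problem he raises, since getting that one file onto the node is exactly the secret-distribution step EDBs were supposed to remove.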


