- From: Seth Falcon
- To:
- Subject: [chef] Re: Re: Re: Re: Re: Re: Encrypted Databags are a Code Smell
- Date: Tue, 17 Sep 2013 13:27:43 -0700
writes:
> Chef already has an item of trust in the key pair each client must have to
> use the system. Rather than creating a whole new ecosystem to manage the
> ACLs and keys of EDBs (which is what Chef Vault attempts), it seems to
> me to make more sense to try and build something on the existing trust
> item. You already have a process for installing the chef key pair
> client.
I'm confused. Isn't that what Chef Vault is doing? It uses the existing
key pairs in the Chef system to provide access to a shared secret by
encrypting the secret for each public key that needs access to it.
+ seth
--
Seth Falcon | Development Lead | Opscode | @sfalcon
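
The scheme described in the message above (one shared secret, encrypted separately for each public key that needs access), as an added example that is not part of the original post and is not Chef Vault's own code. The choice of AES-256-GCM and RSA-OAEP, the function names and the client names are assumptions made for illustration.

```ruby
require "openssl"

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Encrypt `plaintext` once under a random shared secret, then wrap that
# secret separately for every client public key that should have access.
# `clients` maps a client name to its RSA public key (hypothetical layout).
def seal_item(plaintext, clients)
  secret = OpenSSL::Random.random_bytes(32)
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.encrypt
  cipher.key = secret
  iv = cipher.random_iv
  cipher.auth_data = ""
  ciphertext = cipher.update(plaintext) + cipher.final
  {
    iv: iv, tag: cipher.auth_tag, ciphertext: ciphertext,
    keys: clients.transform_values { |pub| pub.public_encrypt(secret, OAEP) }
  }
end

# A client recovers the shared secret with the private key it already
# holds, then decrypts the item. Raises KeyError if no copy of the
# secret was wrapped for `name`.
def open_item(item, name, private_key)
  wrapped = item[:keys].fetch(name)
  secret = private_key.private_decrypt(wrapped, OAEP)
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.decrypt
  cipher.key = secret
  cipher.iv = item[:iv]
  cipher.auth_tag = item[:tag]
  cipher.auth_data = ""
  cipher.update(item[:ciphertext]) + cipher.final
end

if __FILE__ == $PROGRAM_NAME
  # Constructed stand-ins for existing client key pairs.
  web = OpenSSL::PKey::RSA.new(2048)
  db = OpenSSL::PKey::RSA.new(2048)
  item = seal_item("db_password=example",
                   "web01" => web.public_key, "db01" => db.public_key)
  puts open_item(item, "web01", web)
end
```

Granting or revoking access in this model means re-wrapping the shared secret for a different set of public keys; a client that already unwrapped the old secret still knows it, so revocation also requires rotating the secret itself.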