- From: Steffen Gebert <
>
- To:
- Subject: [chef] Re: Securing Knife
- Date: Mon, 11 Nov 2013 08:37:17 +0100
Hi,
a different idea: Some people use jenkins to submit updates from Git to
the Chef Server.
This would also help to mitigate this problem, as admins don't work as
Chef admin clients anymore (although I'm still not sure, how useful this
approach is). But you would delegate the authentication problem to Git.
Yours
Steffen
On 06/11/13 23:40, Kemp, Joseph A. (JKEMP) wrote:
>
I am puzzled how to secure the use of knife in open source chef. If I add
>
a password to the user PEM I am forced to enter the password multiple times
>
for each knife command. So that's not a very user friendly option.
>
Someone else suggested storing the pem on an encrypted file
>
system/device/etc. What is the best practice to provide controlled admin
>
access to the chef server? It's a little unnerving that someone with a
>
copy of any admin PEM file gains complete control over your infrastructure.
>
I feel like I must be missing something.
>
>
Thanks,
>
-Joe
>
- [chef] RE: Re: Securing Knife, (continued)
[chef] Re: Securing Knife, Steffen Gebert, 11/10/2013
Archive powered by MHonArc 2.6.16.