Hi,
This is a general post requesting some feedback on my secret key strategy when using Chef-Solo.
Context:
I have some clients using some simple web apps that use 1-2 boxes each.
I keep them all separate and use Chef-Solo to configure and maintain their Ubuntu servers.
Checked into the git repo for each individual client are encrypted data bags that store
credentials for various external web services these web apps use.
When a Chef-Solo run happens the encrypted data bag is decrypted and used in a recipe (or recipes).
In order for chef to be able to decrypt the data bag, before I start the chef run I copy
in the secret_key.txt with scp to /home/ubuntu/.ssh/secret_key.txt.
Once the chef run completes, or fails for any reason, the secret_key.txt file is removed.
So in effect the secret_key is only ever on the remote machine just before and up until the end of each chef run.
I wrap these 3 steps in a command line Thor script:
* Upload secret_key.txt
* Start chef solo run (knife solo cook)
* Remove secret_key.txt
This method seems to make sense to me and does work OK.
By using a Thor script to run the 3 steps, even if the chef run fails, the secret_key.txt is always removed.
This gives me peace of mind knowing that if the box were ever cracked by an intruder, the secret_key.txt
file is not there for them to decrypt any sensitive data.
I'm not using hosted Chef server for these clients; I have used Chef Vault with Chef server before.
Does all the above make sound sense to you as well?
Any feedback, positive or negative, would be much appreciated.
Thanks!
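The three-step upload / cook / remove sequence described in the post, written out as an added example in plain Ruby (this is not the poster's Thor script). It wraps the sequence in a `begin`/`ensure` so the remote key is removed whether `knife solo cook` succeeds, returns a failure, or raises, and it reports a failed removal instead of staying silent about it, since a cleanup step that itself fails (for example because the ssh connection drops) is the one case where the key would be left on the box. The host name, the local key file name and the `runner` injection point are assumptions made here so the class can be exercised without touching a real server.

```ruby
# Added example, not the original poster's code: upload the data bag secret,
# run knife solo cook, and always remove the secret afterwards.
require "open3"
require "shellwords"

class SecretKeyCook
  REMOTE_KEY = "/home/ubuntu/.ssh/secret_key.txt"   # path quoted in the post

  # runner: a callable that takes an argv array and returns true on success.
  # The default shells out; a fake can be injected so nothing touches the network.
  def initialize(host, local_key, runner: nil)
    @host = host
    @local_key = local_key
    @runner = runner || method(:shell_out)
    @log = []          # every command issued, in order (useful for auditing)
    @removed = nil
  end

  attr_reader :log

  # Did the final remove step report success? nil until cook has run.
  def removed?
    @removed
  end

  # Returns true only when upload, cook AND remove all succeeded.
  # An upload failure raises; the ensure still runs the remove.
  def cook
    cook_ok = false
    begin
      raise "upload of #{@local_key} to #{@host} failed" unless
        issue(["scp", @local_key, "#{@host}:#{REMOTE_KEY}"])
      cook_ok = issue(["knife", "solo", "cook", @host])
    ensure
      # Runs on success, on a false return, and on any exception above.
      @removed = issue(["ssh", @host, "rm -f #{Shellwords.escape(REMOTE_KEY)}"])
      warn "WARNING: could not remove #{REMOTE_KEY} on #{@host}" unless @removed
    end
    cook_ok && @removed
  end

  private

  def issue(argv)
    @log << argv
    @runner.call(argv)
  end

  def shell_out(argv)
    _out, err, status = Open3.capture3(*argv)
    warn err unless status.success?
    status.success?
  end
end

# Stand-alone usage: ruby secret_key_cook.rb ubuntu@host secret_key.txt
if __FILE__ == $PROGRAM_NAME && !ARGV.empty?
  host, key = ARGV
  abort "usage: #{$PROGRAM_NAME} USER@HOST secret_key.txt" unless host && key
  exit(SecretKeyCook.new(host, key).cook ? 0 : 1)
end
```

The exit status is non-zero if any of the three steps failed, so a wrapper (cron job, CI step) cannot mistake a run whose key was left behind for a clean run.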