chef - [chef] Re: Update on Heartbleed and Chef Keys

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: Update on Heartbleed and Chef Keys

From: Nick Silkey < >
To: " " < >
Subject: [chef] Re: Update on Heartbleed and Chef Keys
Date: Thu, 10 Apr 2014 20:30:25 -0500

Stephen --

Thanks for being forthcoming in this. If customers are to consider
_all_ private keys compromised, should they undertake the following:

-remove client-side private keys
-upgrade chef-client packages
-nuke client objects on chef-server
-rotate validator key on chef-server
-use new validator key to re-bootstrap upgraded clients to chef-server
-rotate additional user keys

This is in addition to chef-server upgrades + nginx ssl certs regeneration.

On Thu, Apr 10, 2014 at 7:57 PM, Stephen Delano
< >
wrote:
> Ohai Chefs!
>
> We've added a post to the Chef blog that details the ways in which the
> Heartbleed bug could allow the client private keys in your Chef
> infrastructure to be leaked to an attacker. Take a look here:
> http://www.getchef.com/blog/2014/04/10/update-on-heartbleed-and-chef-keys/
>
> --
> Stephen Delano
> Software Development Engineer
> Opscode, Inc.
> 1008 Western Avenue
> Suite 601
> Seattle, WA 98104

[chef] Update on Heartbleed and Chef Keys, Stephen Delano, 04/10/2014
- [chef] Re: Update on Heartbleed and Chef Keys, Nick Silkey, 04/10/2014
  - [chef] Re: Re: Update on Heartbleed and Chef Keys, Daniel DeLeo, 04/10/2014