[chef] Chef Server security

[James Le Cuirot < >]

Hello all,

I used Chef a long time ago and am now bringing it into my new job
where security is a bigger priority. I've seen stuff like chef-vault,
which is great, but I'm finding very little about how clients could be
abused if the Chef Server is compromised, i.e. cookbooks being modified
and such. It seems like just about anything could happen. Maybe the
answer is simply "defend your Chef Server like Fort Knox" but I
expected to see more discussion to that effect.

Obviously Chef is used by some massive players around the world and I'm
not claiming that our security needs are somehow greater than theirs
but I still feel this is a valid concern. Some opinions would be
appreciated.

Regards,
James