- From: Arnold Krille <
>
- To:
- Subject: [chef] Re: Validation keys at Chef server
- Date: Sun, 3 Aug 2014 16:33:08 +0200
Hi,
On Fri, 1 Aug 2014 18:50:57 +0000 "Flores, Luis Fernando (GE Capital,
Non-GE)"
<
>
wrote:
>
Hello, I'm changing my workstation for a new one (Hypothetically), I
>
want to download my validation keys from the chef server without
>
resetting them, How is this achieved? So far I have not found a way
>
to do it and it is kind of weird that someone has to email me the
>
organization validation key, it would be a nice feature to be able to
>
just download the file once I log in, is there anything preventing
>
this simple procedure?
I think the main reason Chef-Server can't give you the validation-key
is that it doesn't store the private keys of users, machines or
validators. And if it did, there would be several people filing urgent
security reports against it...
You can get the validation key from the first admin after setup,
probably from other admins or your old laptop too. You can create new
keys for validation and admins at any time, but when doing so you will
see a warning that you _have_ to save the private key yourself as
chef-server isn't storing it.
Really the securest way would be to create new keys on your workstation
and make the chef-server only sign your signing-requests to trust them
in the future. But I think that is still on the todo list for admin-
and validation-keys.
Have fun,
Arnold
Attachment:
signature.asc
Description: PGP signature
Archive powered by MHonArc 2.6.16.