Hi,
We store the encryption secret file in separate git repos (a different repo for each environment cookbook it refers to) with very restricted access, as opposed to each environment cookbook Chef repo, which contains encrypted data bag items only.
In this way we don't let cookbooks generate random passwords out of our control, but we decide our password rules and change policies.
Regards,
Marco
What ways have people used to maintain database secrets? I'm thinking specifically of the mysql root password which is just an attribute in the mysql cookbook, and passwords for production databases? I don't want to be checking passwords into Git. What strategies have you successfully used?
-aob
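An added example, not part of the original thread: a Ruby check that could run before committing to an environment cookbook repo, confirming that every data bag item holds only values in Chef's encrypted data bag envelope. The function names and the sample items (including the placeholder ciphertext and the plaintext password) are constructed for illustration.

```ruby
require 'json'

# Fields Chef writes for each encrypted value (format versions 1 to 3).
# Legacy version 0 items store a bare string and are flagged by this check.
REQUIRED_KEYS = %w[encrypted_data iv version cipher].freeze

# Return the top-level keys of a data bag item that are NOT wrapped in the
# encrypted-value envelope. "id" is always stored in plaintext by design.
def plaintext_keys(item)
  item.reject do |key, value|
    key == 'id' ||
      (value.is_a?(Hash) && REQUIRED_KEYS.all? { |k| value.key?(k) })
  end.keys
end

# Audit a map of file name => JSON text; return { name => [offending keys] }
# containing only the items that would leak a secret into the repo.
def audit_items(items_by_name)
  items_by_name.each_with_object({}) do |(name, json), failures|
    bad = plaintext_keys(JSON.parse(json))
    failures[name] = bad unless bad.empty?
  end
end

# Constructed sample items: one properly encrypted, one committed in the clear.
SAMPLE_ITEMS = {
  'mysql_prod.json' => <<~JSON,
    { "id": "mysql_prod",
      "root_password": { "encrypted_data": "PLACEHOLDER==", "iv": "PLACEHOLDER==",
                         "version": 1, "cipher": "aes-256-cbc" } }
  JSON
  'mysql_staging.json' => <<~JSON
    { "id": "mysql_staging", "root_password": "constructed-plaintext-example" }
  JSON
}.freeze

if __FILE__ == $PROGRAM_NAME
  audit_items(SAMPLE_ITEMS).each do |name, keys|
    puts "#{name}: plaintext keys #{keys.join(', ')}"
  end
end
```

The check looks only at structure; it needs no access to the secret file, so it can run in the less restricted cookbook repo.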