- From: Noah Kantrowitz <
>
- To:
- Subject: [chef] Re: Database Secrets
- Date: Mon, 22 Sep 2014 10:16:47 -0700
Others have already commented with my post on this topic, but just for the
record I wanted to make this clearer:
Under no circumstances store private data in node attributes. All nodes can
see all other node attributes by default. Unless you want every node in your
network to have effective root on your DB server, this is not viable.
</scarywords>
--Noah
On Sep 21, 2014, at 9:56 PM, DV
<
>
wrote:
>
How about letting mysql cookbook generate root password and store it in the
>
Chef node object, then use knife-backup gem to backup node objects to
>
secure location?
>
>
On Sun, Sep 21, 2014 at 9:34 PM, Angus Buchanan
>
<
>
>
wrote:
>
What ways have people used to maintain database secrets? I'm thinking
>
specifically of the mysql root password which is just an attribute in the
>
mysql cookbook, and passwords for production databases?
>
>
I don't want to be checking passwords into Git.
>
>
What strategies have you successfully used?
>
>
-aob
>
>
>
>
--
>
Best regards, Dmitriy V.
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
- [chef] Database Secrets, Angus Buchanan, 09/21/2014
- [chef] Re: Database Secrets, DV, 09/21/2014
- [chef] Re: Database Secrets, Noah Kantrowitz, 09/22/2014
- [chef] Re: Database Secrets, Marco Betti, 09/21/2014
- [chef] Re: Database Secrets, AJ Christensen, 09/21/2014
- [chef] Re: Database Secrets, Sean OMeara, 09/22/2014
Archive powered by MHonArc 2.6.16.