chef - [chef] Where to keep the secret-file or secret text for data bags

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Where to keep the secret-file or secret text for data bags

From: Adam < >
To:
Subject: [chef] Where to keep the secret-file or secret text for data bags
Date: Tue, 14 Oct 2014 07:38:44 -0700 (PDT)

Where do you prefer to store the secret-key?  Here are my problems on where to
store the key.

1. Storing it in chef seems kind of ridiculous because you seem to lose the
point of security.  Having the key kept on the same box as your encrypted data
defeats the purpose unless I am missing something.  If you do store it in Chef
where do you put it in a data bag.

2. Storing it as a file on the chef client means you would need to have a
snapshot of that instance when you go to deploy a new server instance.

3.  Keeping it as an attribute in your cookbook  seems like it might be the
best choice.  Even though the key is now stored as plain text in your cookbook
and also in your Chef server.

Advance thanks for helping me in trying to determine where I need to keep my
key.

[chef] Where to keep the secret-file or secret text for data bags, Adam, 10/14/2014
- [chef] Re: Where to keep the secret-file or secret text for data bags, Noah Kantrowitz, 10/14/2014