[chef] Re: RE: Using chef solo to aws distribute keys


  • From: Peter Burkholder
  • Subject: [chef] Re: RE: Using chef solo to aws distribute keys
  • Date: Thu, 18 Dec 2014 14:27:12 -0500

Hi,

If you mean distributing AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, then I would recommend a) not doing so, and using IAM roles to grant access to AWS resources or b) if you must distribute keys then use Encrypted DataBags; Chef-Vault, https://github.com/Nordstrom/chef-vault; or Citadel, https://github.com/poise/citadel.

If I'm missing the point of the question, or if you don't know where to get started with IAM roles, then please feel free to follow up.

Cheers,

Peter

On Wed, Dec 17, 2014 at 10:14 AM, Nico Kadel-Garcia wrote:

I’d also appreciate help with this, for various forms of keys. It’s theoretically possible to distribute a chef encryption key out of band, and use unique keys for unique hosts or classes of hosts, but managing it gets burdensome very quickly when you have more than a few hosts or a few classes of environment.

 

Nico Kadel-Garcia

Lead DevOps Engineer


From: David Montgomery
Sent: Monday, December 08, 2014 2:57 PM
Subject: [chef] Using chef solo to aws distribute keys

 

Hi,

I have AWS keys that I need to redistribute to nodes. I use chef solo. What is best practice with chef-solo? Are there any docs regarding this? I can't find any.


Thanks



