[chef] RE: Re: RE: Using chef solo to aws distribute keys


  • From: Nico Kadel-Garcia < >
  • To: " " < >
  • Subject: [chef] RE: Re: RE: Using chef solo to aws distribute keys
  • Date: Thu, 18 Dec 2014 17:24:44 -0600
  • Accept-language: en-US

I was referring more to MySQL database password. This especially applies to MySQL modules in various web servers and backup systems for databases: these tend to rely on passwords stored locally in clear text, but I certainly don’t want them in my role or environment attributes in clear text.

I’ve done this with actual chef servers, but am only learning ‘chef-solo’ now. I’d welcome a walkthrough or insights.

Nico Kadel-Garcia
Lead DevOps Engineer


From: Peter Burkholder
Sent: Thursday, December 18, 2014 2:27 PM
To:
Subject: [chef] Re: RE: Using chef solo to aws distribute keys

Hi,

If you mean distributing AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, then I would recommend a) not doing so, and using IAM roles to grant access to AWS resources or b) if you must distribute keys then use Encrypted DataBags; Chef-Vault, https://github.com/Nordstrom/chef-vault; or Citadel, https://github.com/poise/citadel.

If I'm missing the point of the question, or if you don't know where to get started with IAM roles, then please feel free to follow up.

Cheers,

Peter


On Wed, Dec 17, 2014 at 10:14 AM, Nico Kadel-Garcia wrote:

I’d also appreciate help with this, for various forms of keys. It’s theoretically possible to distribute a chef encryption key out of band, and use unique keys for unique hosts or classes of hosts, but managing it gets burdensome very quickly when you have more than a few hosts or a few classes of environment.

Nico Kadel-Garcia
Lead DevOps Engineer

From: David Montgomery
Sent: Monday, December 08, 2014 2:57 PM
To:
Subject: [chef] Using chef solo to aws distribute keys


Hi,

I have AWS keys that I need to redistribute to nodes. I use chef solo. What is best practice with chef-solo? Are there any docs regarding this? I can't find any.

Thanks



