Hi,
I'd like to share some thoughts on my Chef Solo secrets policy and would appreciate any feedback.
I'm planning to migrate a 7 server Chef Solo configuration management process to Chef Server (hosted at chef).
For each of the 7 servers on this project this is what I do.
1) Upload via scp chef_secret_key.txt to ~/.ssh/chef_secret_key.txt
2) knife solo cook --forward-agent --no-chef-check --no-berkshelf
3) remove chef_secret_key.txt via ssh
When Chef client runs on a server the recipes decrypt databags using the password from ~/.ssh/chef_secret_key.txt
At the end of the run the password file is removed.
Those 3 steps I have wrapped in a custom Thor script; in practice I just issue a command like
./devops.rb cook --user ubuntu --hostname web01.prd.nyc.example.com
So that all works fine.
Each Chef solo run though needs to upload about 8MB. So that's 7 x 8MB for every run.
This has worked fine but it's a little slow as I'm on an island in Sth. East Asia - tropical life :-)
Migrating to Chef Server I'd like to not have to refactor too much.
I think my only real option is to bootstrap the servers with ~/.ssh/chef_secret_key.txt and leave it there all the time.
It would mean if the server ever gets owned by an intruder they'd be able to decrypt the chef data bags.
I think that's going to be part of the trade off from Chef Solo to Chef Server.
Any thoughts or feedback would be much appreciated.
Thanks!
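To make the trade-off in the post concrete, here is an added stand-alone Ruby example (not the poster's devops.rb and not Chef's own code) that reproduces the version-1 encrypted data bag item layout the recipes rely on, together with the read-then-delete handling of the secret file from steps 1 and 3. The format details (AES-256-CBC, AES key = SHA-256 of the secret, a {"json_wrapper": value} JSON envelope, base64 IV and ciphertext) are my understanding of Chef's layout, and all item values are constructed; whoever can read the secret file can run decrypt_item against every item.

```ruby
require 'openssl'
require 'json'

# Steps 1 and 3 of the post as code: read the secret from the uploaded file, run
# the block with it, and delete the file afterwards even if decryption fails.
def with_secret(path)
  raise "secret file #{path} is missing" unless File.exist?(path)
  secret = File.read(path).strip
  raise "secret file #{path} is empty" if secret.empty?
  yield secret
ensure
  File.delete(path) if File.exist?(path)
end

# Chef derives the AES-256 key from the shared secret with a single SHA-256.
def item_key(secret)
  OpenSSL::Digest::SHA256.digest(secret)
end

# Encrypt one field into the version-1 layout: random IV, AES-256-CBC over the
# JSON envelope {"json_wrapper": value}, IV and ciphertext base64-encoded.
def encrypt_field(value, secret)
  cipher = OpenSSL::Cipher.new('aes-256-cbc').encrypt
  cipher.key = item_key(secret)
  iv = cipher.random_iv
  data = cipher.update(JSON.generate('json_wrapper' => value)) + cipher.final
  { 'encrypted_data' => [data].pack('m'), 'iv' => [iv].pack('m'),
    'version' => 1, 'cipher' => 'aes-256-cbc' }
end

# Reverse of encrypt_field. The cipher name is checked against the one we accept
# rather than handed straight from the server-supplied item to OpenSSL.
def decrypt_field(field, secret)
  raise "unsupported item version #{field['version']}" unless field['version'] == 1
  raise "unexpected cipher #{field['cipher']}" unless field['cipher'] == 'aes-256-cbc'
  cipher = OpenSSL::Cipher.new('aes-256-cbc').decrypt
  cipher.key = item_key(secret)
  cipher.iv = field['iv'].unpack1('m')
  plain = cipher.update(field['encrypted_data'].unpack1('m')) + cipher.final
  JSON.parse(plain).fetch('json_wrapper')
end

# A data bag item keeps "id" in the clear and encrypts every other field.
def encrypt_item(item, secret)
  item.each_with_object({}) { |(k, v), out| out[k] = k == 'id' ? v : encrypt_field(v, secret) }
end

def decrypt_item(item, secret)
  item.each_with_object({}) { |(k, v), out| out[k] = k == 'id' ? v : decrypt_field(v, secret) }
end
```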