- From: Sachin Gupta
- Cc: sachin kumar
- Subject: [chef] First step towards Password Management
- Date: Tue, 17 Mar 2015 15:41:43 +0530
Hi All,
In my current project, I am working on securing the passwords required by Chef automation scripts.
I would like to share my approach and ask for input and suggestions, so that I can implement this in a better way.
I would like to have a password.json in my Chef deployment cookbooks that will provide an inventory of all password parameters required by the dependent cookbooks, along with the metadata required to populate an encrypted data bag with the actual password values.
The password_meta.json file includes only the metadata for the passwords and not the actual passwords.
The parameter values will be fetched at run time and stored temporarily in an encrypted data bag so that they may be accessed by the cookbooks.
Once the cookbook has been executed (at the end of the Chef run), the encrypted data bag and the SSH key will be deleted.
I would like input and suggestions on this approach, or is there a better approach to securing passwords?
Thanks & Regards,
Sachin Gupta