- From: Noah Kantrowitz <
>
- To:
- Subject: [chef] Re: Question about Hosted Chef
- Date: Tue, 26 May 2015 23:25:18 -0700
On May 26, 2015, at 9:02 PM, Jing Li
<
>
wrote:
>
Hi There,
>
>
We are currently hosting our own Chef Server on AWS, it's awesome!
>
>
As our servers growing, we are looking at to move to the hosted Chef
>
solution. Since we store many credential information in our cook books such
>
as SSL certificate, passwords and etc, we would like to learn more about
>
the security mode for hosted Chef solution.
>
>
Can anyone please help us on it?
The security model is basically that there isn't one. Chef has lots of
awesome engineers but Hosted Chef is, at heart, just a big database-powered
web app and so has the same overall security properties as most other apps
like that you've worked with. One of the major reasons why encrypted data
bags were added is it gives you an "out" on the security side of things,
Hosted Chef never gets a copy of the decryption key(s) and so within the
bounds of AES being considered unbreakable these days you can assume that no
possible data leakage from Hosted Chef could disclose the encrypted items.
Beyond that you would need to be more specific about what kind of properties
you are looking at.
--Noah
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Archive powered by MHonArc 2.6.16.