Given the frequency of small bugs being found in crypto
implementations in open source projects recently, it would be great to
get some detailed review of the encrypted data bag feature. We sort of
built the crypto bits ourselves, albeit on top of OpenSSL. Anyone up
for that?

Xabier has been working on a version 3 of encrypted data bags, please
take a look if you're into this sort of thing.

Is the analysis you're asking for limited to a crypto review of the
encrypted data bags feature as it currently exists, or are you asking our
opinion of secrets storage in general?
--Michael

On Wed, Jun 11, 2014 at 12:36 PM, Bryan McLellan btm@getchef.com wrote:
Given the frequency of small bugs being found in crypto
implementations in open source projects recently, it would be great to
get some detailed review of the encrypted data bag feature. We sort of
built the crypto bits ourselves, albeit on top of OpenSSL. Anyone up
for that?
Rajiv, thank you for posting that coderanger link. While I don't agree
with his generalization about not storing anything in databags, I'm very
keen on using IAM roles and S3 for storing secrets. I had also not heard
of Barbican.