I'm just doing my initial research into Chef. Trying to follow a Chef Tutorial For Beginners. And I started wondering about the security.
Do the nodes trust the server, or are the cookbooks signed on the workstation before uploading to the server?
If the nodes trust the server, it would be a major security risk, as the whole network would rely on the security of the Chef Server. And all my segmentation in the network would be useless.
But if I can sign the payloads on the workstation, it would be really great. But I am unable to find any information on this.
Maybe someone can help me?