Hi,
I’d like to share some thoughts on my Chef Solo secrets policy and would
appreciate any feedback.
I’m planning to migrate a 7-server Chef Solo configuration management
process to Chef Server (hosted at chef).
For each of the 7 servers on this project this is what I do:
- Upload via scp chef_secret_key.txt to ~/.ssh/chef_secret_key.txt
- knife solo cook --forward-agent --no-chef-check --no-berkshelf user@server
- remove chef_secret_key.txt via ssh
When Chef client runs on a server the recipes decrypt data bags using the
password from ~/.ssh/chef_secret_key.txt.
At the end of the run the password file is removed.
Those 3 steps I have wrapped in a custom Thor script; in practice I just
issue a command like
./devops.rb cook --user ubuntu --hostname web01.prd.nyc.example.com
So that all works fine.
Each Chef solo run though needs to upload about 8MB. So that’s 7 x 8MB for
every run.
This has worked fine but it’s a little slow as I’m on an island in South
East Asia - tropical life.
Migrating to Chef Server I’d like to not have to refactor too much.
I think my only real option is to bootstrap the servers with
~/.ssh/chef_secret_key.txt and leave it there all the time.
It would mean if the server ever gets owned by an intruder they’d be able
to decrypt the chef data bags.
I think that’s going to be part of the trade-off from Chef Solo to Chef
Server.
Any thoughts or feedback would be much appreciated.
Thanks!
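Added example (not from the post above or from Chef's own source) showing why the trade-off in the post is an all-or-nothing one: a Ruby sketch of how a version 1 encrypted data bag field is keyed straight from the secret file, so anyone who can read ~/.ssh/chef_secret_key.txt can decrypt every field in every bag. The v1 layout (AES-256-CBC, SHA-256 of the secret as key, JSON "json_wrapper" envelope) and the secret file contents are assumptions for illustration.

```ruby
require "openssl"
require "digest"
require "base64"
require "json"

# Constructed stand-in for the contents of ~/.ssh/chef_secret_key.txt.
SECRET_FILE_CONTENTS = "correct horse battery staple\n"

# Surrounding whitespace is stripped from the secret file before use.
def load_secret(contents)
  contents.strip
end

# Assumed v1 key derivation: SHA-256 of the raw secret, no salt, no
# iteration. Knowing the file contents is the same as knowing the key.
def derive_key(secret)
  Digest::SHA256.digest(secret)
end

# Encrypt one field the way an assumed v1 encrypted data bag item stores it.
def encrypt_field(value, secret)
  cipher = OpenSSL::Cipher.new("aes-256-cbc")
  cipher.encrypt
  cipher.key = derive_key(secret)
  iv = cipher.random_iv
  plaintext = JSON.generate({ "json_wrapper" => value })
  ciphertext = cipher.update(plaintext) + cipher.final
  { "encrypted_data" => Base64.encode64(ciphertext),
    "iv" => Base64.encode64(iv),
    "version" => 1,
    "cipher" => "aes-256-cbc" }
end

def decrypt_field(field, secret)
  cipher = OpenSSL::Cipher.new(field["cipher"])
  cipher.decrypt
  cipher.key = derive_key(secret)
  cipher.iv = Base64.decode64(field["iv"])
  plain = cipher.update(Base64.decode64(field["encrypted_data"])) + cipher.final
  JSON.parse(plain)["json_wrapper"]
end

# Every field except "id" is protected by the same single secret.
def decrypt_item(item, secret)
  item.each_with_object({}) do |(k, v), out|
    out[k] = k == "id" ? v : decrypt_field(v, secret)
  end
end

# A wrong secret fails padding (or yields non-JSON); a right one opens all.
def secret_valid?(item, secret)
  decrypt_item(item, secret)
  true
rescue OpenSSL::Cipher::CipherError, JSON::ParserError
  false
end
```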