Since a chef-server can be a Berkshelf source, I’m wondering how people are dealing with client keys.
Our CI will take care of uploading cookbook so “developer” access will be read-only.
I see a couple ways to approach this:
One global client.pem that all developers will use. Since the endpoint is behind a VPN, if that key gets out, the exposure is mitigated.
Managing individual client per developer. Although this is the most “secure”, it does carry the highest ongoing maintenance cost.
Disabling authentication all together (i.e. chef-zero)
Since I already have access to the developer’s ssh public via LDAP, somehow tie them together.
What are others doing?