Validation keys at Chef server

Chef Infra (archive)
1

Hello, I’m changing my workstation for a new one (Hypothetically), I want to download my validation keys from the chef server without resetting them, How is this achieved? So far I have not found a way to do it and it is kind of weird that someone has to email me the organization validation key, it would be a nice feature to be able to just download the file once I log in, is there anything preventing this simple procedure?

Thanks Chefs!

Luis Fernando Flores
+52 449 9107800 xt: 6241
Av. Eugenio Garza Sada #902
Parque Industrial Tecnopolo
Aguascalientes, Aguascalientes,
Mexico 20328

2

You can actually create more than one validation key. On the chef server, under Client, do create new. Check the “validation client” box when creating it.
I’m on my phone so I’m doing this from memory. If you don’t see where to do it, let me know and I’ll do some screenshots when I’m back on a computer!

Sent from Acompli

On Fri, Aug 1, 2014 at 11:51 AM -0700, “Flores, Luis Fernando (GE Capital, Non-GE)” LuisFernando.Flores@ge.com wrote:

Hello, I’m changing my workstation for a new one (Hypothetically), I want to download my validation keys from the chef server without resetting them, How is this achieved? So far I have not found a way to do it and it is kind of weird that someone has to email me the organization validation key, it would be a nice feature to be able to just download the file once I log in, is there anything preventing this simple procedure?

Thanks Chefs!

Luis Fernando Flores
+52 449 9107800 xt: 6241
Av. Eugenio Garza Sada #902
Parque Industrial Tecnopolo
Aguascalientes, Aguascalientes,
Mexico 20328

3

Ok, thank you Matt, this would create a client within my organization, what about the organization’s validator? How to get it if there’s nobody available to email it?

Luis Fernando Flores
+52 449 9107800 xt: 6241
Av. Eugenio Garza Sada #902
Parque Industrial Tecnopolo
Aguascalientes, Aguascalientes,
Mexico 20328

On Aug 1, 2014, at 1:52 PM, Matt Stratton <matt.stratton@gmail.commailto:matt.stratton@gmail.com>
wrote:

You can actually create more than one validation key. On the chef server, under Client, do create new. Check the “validation client” box when creating it.

I’m on my phone so I’m doing this from memory. If you don’t see where to do it, let me know and I’ll do some screenshots when I’m back on a computer!

Sent from Acomplihttp://t.acompli.com/ac_sig

On Fri, Aug 1, 2014 at 11:51 AM -0700, “Flores, Luis Fernando (GE Capital, Non-GE)” <LuisFernando.Flores@ge.commailto:LuisFernando.Flores@ge.com> wrote:

Hello, I’m changing my workstation for a new one (Hypothetically), I want to download my validation keys from the chef server without resetting them, How is this achieved? So far I have not found a way to do it and it is kind of weird that someone has to email me the organization validation key, it would be a nice feature to be able to just download the file once I log in, is there anything preventing this simple procedure?

Thanks Chefs!

Luis Fernando Flores
+52 449 9107800 xt: 6241
Av. Eugenio Garza Sada #902
Parque Industrial Tecnopolo
Aguascalientes, Aguascalientes,
Mexico 20328

4

Hi,

On Fri, 1 Aug 2014 18:50:57 +0000 "Flores, Luis Fernando (GE Capital,
Non-GE)" LuisFernando.Flores@ge.com wrote:

Hello, I'm changing my workstation for a new one (Hypothetically), I
want to download my validation keys from the chef server without
resetting them, How is this achieved? So far I have not found a way
to do it and it is kind of weird that someone has to email me the
organization validation key, it would be a nice feature to be able to
just download the file once I log in, is there anything preventing
this simple procedure?

I think the main reason Chef-Server can't give you the validation-key
is that it doesn't store the private keys of users, machines or
validators. And if it did, there would be several people filing urgent
security reports against it...

You can get the validation key from the first admin after setup,
probably from other admins or your old laptop too. You can create new
keys for validation and admins at any time, but when doing so you will
see a warning that you have to save the private key yourself as
chef-server isn't storing it.

Really the securest way would be to create new keys on your workstation
and make the chef-server only sign your signing-requests to trust them
in the future. But I think that is still on the todo list for admin-
and validation-keys.

Have fun,

Arnold