Keep sensitive information out of node attributes
Sensitive information such as passwords should not be stored as node attributes because these are persisted back to the server and can therefore be easily retrieved via the knife node edit command.
Blueprint information
- Status: Complete
- Approver: None
- Priority: Undefined
- Drafter: John Warren
- Direction: Approved
- Assignee: None
- Definition: Approved
- Series goal: None
- Implementation: Implemented
- Milestone target: None
- Started by: JJ Asghar
- Completed by: JJ Asghar
Whiteboard
mapleoin: I think there is a valid use case for storing passwords as attributes in the case where both the chef-server and the nodes are inside an internal network which is considered secure. Some products (e.g. http://
jswarren: The issue is that in some OS recipes (e.g. mysql-server), passwords are being copied from data bags into node attributes, which means that they can be read via the knife node edit command. If data bags are going to be used, the values extracted from them should be directly assigned to resources, instead of indirectly assigning them to resources via node attributes. Otherwise, one might as well use node attributes and not bother with data bags.
Gerrit topic: https:/
Addressed by: https:/
Set mysql root password directly on resource
Addressed by: https:/
Keep sensitive information out of node attributes
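An added example, not part of the blueprint or of the cookbooks it refers to: a Ruby check that walks the attribute levels persisted in a node object (JSON such as `knife node show NODE -l -F json` produces) and reports attribute paths whose key names look like credentials, which is how values copied from data bags into node attributes can be found. The key-name pattern, the function names and the sample node are assumptions constructed for illustration.

```ruby
require "json"

# Key names that suggest a credential; an assumed heuristic, tune it per cookbook.
SECRET_KEY = /passw(or)?d|passphrase|secret|token|private_key|api_key/i
# Attribute precedence levels stored in a node object on the Chef server.
LEVELS = %w[default normal override automatic].freeze

# Recursively walk an attribute tree and return dotted paths of non-empty
# scalar values whose key name matches SECRET_KEY.
def secret_paths(tree, prefix = [])
  case tree
  when Hash
    tree.flat_map do |key, value|
      path = prefix + [key.to_s]
      scalar = !value.is_a?(Hash) && !value.is_a?(Array)
      if scalar && key.to_s.match?(SECRET_KEY)
        (value.nil? || value.to_s.empty?) ? [] : [path.join(".")]
      else
        secret_paths(value, path)
      end
    end
  when Array
    tree.each_with_index.flat_map { |v, i| secret_paths(v, prefix + [i.to_s]) }
  else
    []
  end
end

# Audit one node document; returns { level => [paths] } for levels with findings.
# Only paths are reported, never the values themselves.
def audit_node(node_json)
  node = JSON.parse(node_json)
  LEVELS.each_with_object({}) do |level, findings|
    hits = secret_paths(node.fetch(level, {}))
    findings[level] = hits unless hits.empty?
  end
end

# Constructed sample node object (not taken from the page).
SAMPLE_NODE = <<~JSON
  { "name": "db01.example.internal",
    "run_list": ["recipe[mysql::server]"],
    "default": { "mysql": { "port": 3306, "bind_address": "127.0.0.1" } },
    "normal": { "mysql": { "server_root_password": "constructed-value",
                           "users": [ { "name": "app", "password": "constructed-value" } ] } },
    "override": { "mysql": { "server_debian_password": "" } } }
JSON

if __FILE__ == $PROGRAM_NAME
  audit_node(SAMPLE_NODE).each { |level, paths| paths.each { |p| puts "#{level}: #{p}" } }
end
```

A recipe that assigns the data bag value directly to the resource, as jswarren describes, leaves nothing for this check to report because the value never enters the node object.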