OpenStack + Chef

Keep sensitive information out of node attributes

Registered by John Warren on 2014-08-05

Sensitive information such as passwords should not be stored as node attributes because these are persisted back to the server and can therefore be easily retrieved via the knife node edit command.

Blueprint information

Status:: Complete

Approver:: None

Priority:: Undefined

Drafter:: John Warren

Direction:: Approved

Assignee:: None

Definition:: Approved

Series goal:: None

Implementation:: Implemented

Milestone target:: None

Started by: JJ Asghar on 2015-03-24

Completed by: JJ Asghar on 2015-03-24

Related branches

Related bugs

Sprints

Whiteboard

mapleoin: I think there is a valid use case for storing passwords as attributes in the case where both the chef-server and the nodes are inside an internal network which is considered secure. Some products (e.g. http://crowbar.github.io) rely on attributes for passing passwords around. That being said, I agree that the default should be to store passwords in databags and that is what we are currently doing AFAIK. See the use_databags attribute in the -common cookbook.

jswarren: The issue is that in some OS recipes (e.g. mysql-server), passwords are being copied from data bags into node attributes, which means that they can be read via the knife node edit command. If data bags are going to be used, the values extracted from them should be directly assigned to resources, instead of indirectly assigning them to resources via node attributes. Otherwise, one might as well use node attributes and not bother with data bags.

Gerrit topic: https://review.openstack.org/#q,topic:bp/no-secret-attributes,n,z

Addressed by: https://review.openstack.org/118649
Set mysql root password directly on resource

Addressed by: https://review.openstack.org/112141
Keep sensitive information out of node attributes

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

Ionuț Arțăriși