Chef Infra needs a way to provide secure credentials in the client.rb #10985

Open
haidangwa opened this issue Feb 4, 2021 · 0 comments
Labels
Aspect: Security (Can an unwanted third party affect the stability or look at privileged information?)
Triage: Feature Request (Indicates an issue requesting new functionality.)

haidangwa commented Feb 4, 2021

Describe the Enhancement:

When specifying the rubygems_url, http_proxy, or https_proxy values in Chef Infra client's client.rb file, it seems that the only way to provide authentication credentials (e.g., to a private rubygems repo) is to embed the username and password in the URL, like https://myuser:mypass@private.rubygems.repo. This is not ideal, as the file could be read by anyone without changing the mode to 640 or stricter. For example, the chef-client::config recipe sets the permissions on the client.rb wide open: https://github.com/chef-cookbooks/chef-client/blob/master/recipes/config.rb#L83

Describe the Need:

Storing credentials in the client.rb file is not secure.

Current Alternative

The best we can do today is setting the file mode to 640 or stricter, but it would be optimal to have a better way to provide the credentials to the Chef client.

Can We Help You Implement This?:

haidangwa added the "Status: Untriaged" (An issue that has yet to be triaged.) label on Feb 4, 2021

haidangwa changed the title from "client.rb needs a way to provide secure credentials for rubygems_url" to "Chef Infra needs a way to provide secure credentials in the client.rb" on Feb 4, 2021

tas50 added the "Aspect: Security" and "Triage: Feature Request" labels and removed the "Status: Untriaged" label on Apr 22, 2021
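An added example, not part of the original issue and not Chef's own code: a Ruby audit that checks a client.rb for the two conditions the issue describes, credentials embedded in the rubygems_url, http_proxy or https_proxy URL and a file mode looser than 640. The function names, the hosts chef.example.com and proxy.example.com, and the sample file contents are constructed for illustration.

```ruby
require "uri"
require "tempfile"

# Settings the issue names as taking a URL that may carry credentials.
URL_SETTINGS = %w[rubygems_url http_proxy https_proxy].freeze
MAX_MODE = 0o640 # the issue's "640 or stricter"

# Returns a list of finding strings for one client.rb-style file.
def audit_client_rb(path)
  findings = []
  mode = File.stat(path).mode & 0o777
  # Any permission bit outside rw-r----- makes the file looser than 640.
  findings << format("mode %04o is looser than 0640", mode) if (mode & ~MAX_MODE) != 0

  File.foreach(path).with_index(1) do |line, lineno|
    # Commented-out settings do not match because of the leading '#'.
    m = line.match(/^\s*(#{URL_SETTINGS.join("|")})\s+["']([^"']+)["']/)
    next unless m
    setting, url = m[1], m[2]
    begin
      uri = URI.parse(url)
    rescue URI::InvalidURIError
      next
    end
    next if uri.userinfo.nil?
    # Report the user name only; never echo the password into audit output.
    findings << "line #{lineno}: #{setting} embeds credentials for user #{uri.user.inspect}"
  end
  findings
end

# Constructed sample client.rb, written to a temp file with the given mode.
def sample_findings(mode)
  Tempfile.create("client.rb") do |f|
    f.write(<<~CONF)
      chef_server_url "https://chef.example.com/organizations/demo"
      rubygems_url "https://myuser:mypass@private.rubygems.repo"
      # http_proxy "http://old:old@proxy.example.com:3128"
      https_proxy "http://proxy.example.com:3128"
    CONF
    f.flush
    File.chmod(mode, f.path)
    audit_client_rb(f.path)
  end
end

puts sample_findings(0o644) if $PROGRAM_NAME == __FILE__
```

The check only matches settings written as a quoted string literal on one line; values built from variables or environment lookups in client.rb are not evaluated.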