This repository has been archived by the owner on Mar 19, 2022. It is now read-only.

Remove data_bag_key after "cooking" server #218

Closed
tjwallace opened this issue Mar 4, 2013 · 3 comments

Comments

@tjwallace

I think it would be more secure if after a server has been chef'd/cooked, the data_bag_key was removed.

@matschaffer
Owner

The "clean" command was made for this exact case. Though the changes I'm
working on in #199 would probably make it easy to remove just the key file
rather than removing everything like clean does.

-Mat

On Mar 4, 2013, at 9:56, Jeff Wallace notifications@github.com wrote:

I think it would be more secure if after a server has been chef'd/cooked,
the data_bag_key was removed.


@tmatilai
Collaborator

tmatilai commented May 3, 2013

The directory where the key is uploaded is now read-protected from anyone other than the owner. I think this is enough for most cases, isn't it?

@matschaffer
Owner

Closing since it's been a while since the question was asked and we do now keep the key in a user-space protected location.
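The directory protection described in the last two comments, as an added example (not knife-solo's own code): a Python check of which permission classes can still read a key file left on a node, based on the mode bits of the file and of every directory above it. The `chef-solo/data_bag_key` path and the function names are constructed placeholders; ACLs and root access are outside what it checks.

```python
import os
import shutil
import stat
import tempfile

# Permission class -> (read bit on the file, search bit on each directory).
CLASSES = {"group": (stat.S_IRGRP, stat.S_IXGRP),
           "other": (stat.S_IROTH, stat.S_IXOTH)}

def key_exposure(key_path, root="/"):
    """Return the classes ("group", "other") able to read key_path.

    A class reaches the key only if the file grants it read AND every
    directory from the key's parent up to root grants it search (x).
    Mode bits only: ACLs and the root user are not considered.
    """
    key_path, root = os.path.realpath(key_path), os.path.realpath(root)
    file_mode = os.stat(key_path).st_mode
    exposed = set()
    for cls, (read_bit, search_bit) in CLASSES.items():
        if not file_mode & read_bit:
            continue  # the file itself already denies this class
        d, reachable = os.path.dirname(key_path), True
        while reachable:
            reachable = bool(os.stat(d).st_mode & search_bit)
            if d == root or d == os.path.dirname(d):
                break
            d = os.path.dirname(d)
        if reachable:
            exposed.add(cls)
    return exposed

def demo():
    """Constructed tree: a world-readable key, before and after the directory is locked."""
    base = tempfile.mkdtemp()
    try:
        os.chmod(base, 0o755)
        key_dir = os.path.join(base, "chef-solo")  # hypothetical upload directory
        os.mkdir(key_dir)
        key = os.path.join(key_dir, "data_bag_key")
        with open(key, "w") as fh:
            fh.write("constructed-sample-secret\n")
        os.chmod(key, 0o644)
        os.chmod(key_dir, 0o755)
        before = key_exposure(key, root=base)
        os.chmod(key_dir, 0o700)  # owner-only directory, key mode unchanged
        return before, key_exposure(key, root=base)
    finally:
        shutil.rmtree(base)

if __name__ == "__main__":
    print(demo())
```

An empty result means only the owner and root can read the key; deleting the file after the run is the only option that covers those two as well.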
