Forum: CFEngine Help Subject: Thoughts of encrypting the entire Cfengine workspace? Author: msvob...@linkedin.com Link to topic: https://cfengine.com/forum/read.php?3,25714,25714#msg-25714
So, the Cfengine policies / configurations that we transfer to clients contains all of the secrets of how our infrastructure is put together and maintained. If you have Cfengine running on hosts exposed to the internet, you risk the chance of someone being able to exploit a host and gain access to a complete copy of your configuration management system. Has there been any thought on encrypting all content under /var/cfengine using PGP or some other sort of encryption software, where having access to the Cfengine workspace by a malicious user couldn't compromise company secrets? The data is encrypted when the bits fly over the network wire, but if someone were to gain access to the machine and elevate to the root privs, the game is over. Thanks Mike _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
