I was thinking about a situation like this - *) Puppet designer decides to place all credentials in a single database (encrypted Hiera). *) developers clone the version controlled copy of it all over the place, e.g. to their laptops, that random box that everyone logs into. *) version controlled copy then potentially sits next to copies of the keys used to decipher it. *) some lazy developer decides not to use a passphrase in his key. *) laptop then gets hacked, lost or stolen, etc.
Perhaps I'm being paranoid? On Monday, April 14, 2014 2:17:36 AM UTC+10, Matthew Kennedy wrote: > > We use hiera-eyaml... This let's us selectively encrypt keys (passwords) > and let everything else remain plaintext. > > We use git and have very little concern as long as we keep our private key > secure. > > We also publish our public key so others can encrypt sensitive data > themselves. Because we have several teams that have ownership over various > pieces of sensitive information this makes managing secrets 'easy'. > On Apr 13, 2014 4:05 AM, "Alex Harvey" <alexh...@gmail.com <javascript:>> > wrote: > >> Hi all, >> >> I'm pondering a design problem and would appreciate some advice: >> >> A reason for externalising data in Hiera is often said to be so that >> configuration data can be stored in a version control system, e.g. >> http://puppetlabs.com/blog/first-look-installing-and-using-hiera >> >> Meanwhile, the reason for using an encrypted Hiera backend is so that >> sensitive configuration data can be stored in Hiera, e.g. >> >> http://www.craigdunn.org/2011/10/secret-variables-in-puppet-with-hiera-and-gpg/ >> >> Thus, there is a catch: if data is too sensitive to be stored in an >> unencrypted Hiera backend, it is probably too sensitive to be stored in a >> version control system like git. >> >> I've seen people out there have considered encrypted version control >> systems, others have said sensitive configuration data shouldn't be stored >> at all, and so on - I can't find much discussion of the problem itself >> though. >> >> After thinking about it for a while, the best I could come up with was >> supposing there ought to be a way of partially encrypting the Hiera >> backend, and perhaps dealing with it using a separate level in the >> hierarchy. >> >> I note the Raziel project along these lines by Jens Bräuer: >> https://github.com/jbraeuer/raziel/ >> http://bit.ly/raziel-slides >> >> Is this more of an open problem or has the community come up with a best >> practice recommendation here? >> >> Kind regards, >> Alex >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Puppet Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to puppet-users...@googlegroups.com <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-users/c13c06e9-8370-4dea-8210-13774da934ae%40googlegroups.com<https://groups.google.com/d/msgid/puppet-users/c13c06e9-8370-4dea-8210-13774da934ae%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/56629640-f5d3-4207-b3d6-f7d8f0344862%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
