ansible-pull checks out your entire project repository, then runs whichever playbook you tell it to. That repo is basically a map to your entire infrastructure.
So, how do you ensure a compromised server doesn't reveal all that information to an attacker? (With the assumption that the attacker has root access, and that a single rooted server doesn't mean your entire infrastructure is rooted.) ansible-pull can purge the repo after it runs, but that doesn't stop an attacker from running ansible-pull with that option turned off in order to get a copy of the whole repo. Or just read the repo the next time ansible-pull is running. If you use ansible-vault, then your vault password is either in the cron job, or in a file on the server that the attacker has access to, and knows the location of. So far, all I can think of to mitigate these issues, is a repo per server, and a vault password per repo.... Which kinda destroys most of why people use configuration management. Am I just not thinking of it in the right way, or maybe misunderstanding how something works? -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/ccc8006c-6007-490e-9b61-2c720c8dafbd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
