I was thinking about a situation like this -

*) Puppet designer decides to place all credentials in a single database (encrypted Hiera).
*) developers clone the version controlled copy of it all over the place, e.g. to their laptops, that random box that everyone logs into.
*) version controlled copy then potentially sits next to copies of the keys used to decipher it.
*) some lazy developer decides not to use a passphrase in his key.
*) laptop then gets hacked, lost or stolen, etc.

Perhaps I'm being paranoid?

On Monday, April 14, 2014 2:17:36 AM UTC+10, Matthew Kennedy wrote:
>
> We use hiera-eyaml... This lets us selectively encrypt keys (passwords) and let everything else remain plaintext.
>
> We use git and have very little concern as long as we keep our private key secure.
>
> We also publish our public key so others can encrypt sensitive data themselves. Because we have several teams that have ownership over various pieces of sensitive information this makes managing secrets 'easy'.
>
> On Apr 13, 2014 4:05 AM, "Alex Harvey" wrote:
>
>> Hi all,
>>
>> I'm pondering a design problem and would appreciate some advice:
>>
>> A reason for externalising data in Hiera is often said to be so that configuration data can be stored in a version control system, e.g. http://puppetlabs.com/blog/first-look-installing-and-using-hiera
>>
>> Meanwhile, the reason for using an encrypted Hiera backend is so that sensitive configuration data can be stored in Hiera, e.g. http://www.craigdunn.org/2011/10/secret-variables-in-puppet-with-hiera-and-gpg/
>>
>> Thus, there is a catch: if data is too sensitive to be stored in an unencrypted Hiera backend, it is probably too sensitive to be stored in a version control system like git.
>>
>> I've seen people out there have considered encrypted version control systems, others have said sensitive configuration data shouldn't be stored at all, and so on - I can't find much discussion of the problem itself though.
>>
>> After thinking about it for a while, the best I could come up with was supposing there ought to be a way of partially encrypting the Hiera backend, and perhaps dealing with it using a separate level in the hierarchy.
>>
>> I note the Raziel project along these lines by Jens Bräuer:
>> https://github.com/jbraeuer/raziel/
>> http://bit.ly/raziel-slides
>>
>> Is this more of an open problem or has the community come up with a best practice recommendation here?
>>
>> Kind regards,
>> Alex
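The selective encryption Matthew describes, and the "partially encrypted backend" Alex proposes, both leave the same failure mode open: a sensitive key that someone forgot to wrap. The Ruby script below is an added example, not code from this thread or from hiera-eyaml itself; it walks a Hiera YAML document and reports which values carry eyaml's `ENC[METHOD,...]` wrapper and which sensitive-looking keys are still plaintext. The sample data and the key-name heuristic (`SENSITIVE_RE`) are constructed assumptions, and the ciphertexts are dummy base64.

```ruby
require 'yaml'

# Constructed sample Hiera data (not from the thread): two values carry the
# eyaml ENC[PKCS7,...] wrapper, one password and one nested password do not.
SAMPLE_HIERA = <<~YAML
  ntp::servers:
    - 0.pool.ntp.org
  mysql::root_password: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAF]
  app::api_token: >
    ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQ
    AxggEhMIIBHQIBADAFMAAC]
  smtp::password: hunter2
  app::users:
    admin:
      password: plaintext-again
YAML

# An eyaml value after whitespace is folded away (block scalars keep newlines
# inside the brackets, so we strip them before matching).
ENC_RE = /\AENC\[[A-Za-z0-9]+,[A-Za-z0-9+\/=]+\]\z/
# Heuristic (assumption) for key names that should never be plaintext.
SENSITIVE_RE = /password|passwd|secret|token|key|credential/i

# Depth-first walk over nested hashes/arrays, yielding "a::b.c" paths and leaves.
def each_leaf(node, path = [], &blk)
  case node
  when Hash  then node.each { |k, v| each_leaf(v, path + [k.to_s], &blk) }
  when Array then node.each_with_index { |v, i| each_leaf(v, path + [i.to_s], &blk) }
  else yield path.join('.'), node
  end
end

def encrypted?(value)
  value.is_a?(String) && value.gsub(/\s+/, '').match?(ENC_RE)
end

# Returns { encrypted: [paths], plaintext_sensitive: [paths] } for a YAML string.
def audit_hiera(yaml_text)
  report = { encrypted: [], plaintext_sensitive: [] }
  each_leaf(YAML.safe_load(yaml_text)) do |path, value|
    if encrypted?(value)
      report[:encrypted] << path
    elsif path.match?(SENSITIVE_RE)
      report[:plaintext_sensitive] << path
    end
  end
  report
end

if __FILE__ == $PROGRAM_NAME
  r = audit_hiera(SAMPLE_HIERA)
  puts "encrypted: #{r[:encrypted].join(', ')}"
  puts "PLAINTEXT under sensitive-looking keys: #{r[:plaintext_sensitive].join(', ')}"
end
```

Run it as a pre-commit or CI check over the hieradata tree; a non-empty `plaintext_sensitive` list is the condition to fail on. It does not address Alex's other point, a decryption key sitting next to the clone, which no scan of the data itself can catch.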
