chef-mongodb3

MMS api key stored plain text

Open shortdudey123 opened this issue 9 years ago • 4 comments

The MMS api key in the node['mongodb3']['config']['mms']['mmsApiKey'] attribute is stored plain text currently and any chef node has access to this. It poses a potential security risk.

Possible solutions:

  • Encrypted data bag (Solved in https://github.com/sunggun-yu/chef-mongodb3/pull/7)
  • Chef Vault

Other thoughts on non-plain text options?

shortdudey123 Jan 19 '16 23:01

@shortdudey123 the test wrapper cookbook I've added for you uses the encrypted data bag. https://github.com/sunggun-yu/chef-mongodb3/blob/develop/test/data_bags/mongodb/mms-agent.json

I closed out #7 since wrapper can set the attributes from encrypted data bag. Also, I believe you can use Chef Vault in your wrapper.

Thanks

sunggun-yu Jan 20 '16 00:01

> since wrapper can set the attributes from encrypted data bag

Please refer to the first line of my issue :) The MMS api key in the node['mongodb3']['config']['mms']['mmsApiKey'] attribute is stored plain text

shortdudey123 Jan 20 '16 00:01

Oh, I got you now. Sorry for the misunderstanding. BTW, it sounds like having an LWRP is the better option for this.

sunggun-yu Jan 20 '16 02:01

Converting this template to an LWRP? That sounds like it would work.

shortdudey123 Jan 20 '16 05:01
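
An added example, not part of the thread or the cookbook's own code: a small Ruby audit that checks a saved node object for the attribute named in the issue and reports the precedence level at which it holds a non-empty value, without echoing the key itself. The node JSON is a constructed sample, and its shape (top-level `default`, `normal`, `override`, `automatic` hashes, as printed by `knife node show NODE -l -F json`) is an assumption.

```ruby
require 'json'

# Attribute path named in the issue.
KEY_PATH = %w[mongodb3 config mms mmsApiKey].freeze
# Attribute precedence levels as they appear in a saved node object (assumed shape).
LEVELS = %w[default normal override automatic].freeze

# Constructed sample node object; the key value is a placeholder, not a real key.
SAMPLE_NODE = <<~JSON
  {
    "name": "db01.example.internal",
    "default":  {"mongodb3": {"config": {"mms": {"mmsApiKey": ""}}}},
    "normal":   {"mongodb3": {"config": {"mms": {"mmsApiKey": "CONSTRUCTED-KEY-0000"}}}},
    "override": {},
    "automatic": {"hostname": "db01"}
  }
JSON

# Walk a nested hash along path; nil if any step is missing or not a hash.
def fetch_path(attrs, path)
  path.reduce(attrs) do |cur, key|
    return nil unless cur.is_a?(Hash)
    cur[key]
  end
end

# Precedence levels at which the key is present as a non-empty string.
def plaintext_key_levels(node)
  LEVELS.select do |level|
    value = fetch_path(node[level], KEY_PATH)
    value.is_a?(String) && !value.strip.empty?
  end
end

# One finding per level; the key value is deliberately never included.
def audit_node(json_text)
  node = JSON.parse(json_text)
  plaintext_key_levels(node).map do |level|
    { node: node['name'], level: level, path: KEY_PATH.join('.') }
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_node(SAMPLE_NODE).each do |f|
    puts "#{f[:node]}: #{f[:path]} is set in plain text at the '#{f[:level]}' level"
  end
end
```

A wrapper cookbook that copies the decrypted data bag value into the node attribute would still be flagged here, since the value lands in the saved node object.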