Skip to content
This repository has been archived by the owner on May 20, 2020. It is now read-only.

MMS api key stored plain text #26

Open
shortdudey123 opened this issue Jan 19, 2016 · 4 comments
Open

MMS api key stored plain text #26

shortdudey123 opened this issue Jan 19, 2016 · 4 comments

Comments

@shortdudey123
Copy link

The MMS api key in the node['mongodb3']['config']['mms']['mmsApiKey'] attribute is stored plain text currently and any chef node has access to this. It poses a potential security risk.

Possible solutions:

Other thoughts on non-plain text options?
@sunggun-yu
Copy link
Owner

@shortdudey123
the test wrapper cookbook I've added for you use the encrypted data bag.
https://github.com/sunggun-yu/chef-mongodb3/blob/develop/test/data_bags/mongodb/mms-agent.json

I closed out the #7 since wrapper can set the attributes from encrypted data bag. also I believe you can use chef vault in your wrapper.

Thanks

@shortdudey123
Copy link
Author

since wrapper can set the attributes from encrypted data bag

Please refer to the first line of my issue :)
The MMS api key in the node['mongodb3']['config']['mms']['mmsApiKey'] attribute is stored plain text

@sunggun-yu
Copy link
Owner

oh, I got you now. sorry for miss understanding. btw, it sounds having LWRP is the better option for this.

@shortdudey123
Copy link
Author

Converting the this template to an LWRP? that sounds like it would work

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sunggun-yu @shortdudey123