DevOoops: Client Provisioning (Chef)

Notes on Chef from the 2015 Devoops Talk. Posting it so i can remove it from the slide deck but still refer to it.  Also relevant from a common problems with devops theme.

Chef allows you to define the state your servers (local or cloud) should be in and enforces it.

Web Interface



Environment Leakage

databags

knife is a Chef command line utility. The credentials are stored in data bags. Credentials can be encrypted.

Example:

$ knife data bag list




Chef/knife (encrypted data bag)

Chef/knife with path to secret file



Chef Takeaways

Be aware of what you put into chef recipes


Protect secrets/passwords

Info on securing chef: https://learn.chef.io/skills/be-a-secure-chef/

*** This is a Security Bloggers Network syndicated blog from Carnal0wnage & Attack Research Blog authored by CG. Read the original post at: http://carnal0wnage.attackresearch.com/2017/01/devooops-client-provisioning-chef.html