DevOoops: Client Provisioning (Chef)

Notes on Chef from the 2015 Devoops Talk. Posting it so i can remove it from the slide deck but still refer to it.  Also relevant from a common problems with devops theme.

Chef allows you to define the state your servers (local or cloud) should be in and enforces it.

Web Interface

Environment Leakage


knife is a Chef command line utility. The credentials are stored in data bags. Credentials can be encrypted.


$ knife data bag list

Chef/knife (encrypted data bag)

Chef/knife with path to secret file

Chef Takeaways

Be aware of what you put into chef recipes

Protect secrets/passwords

Info on securing chef:

This is a Security Bloggers Network syndicated blog post authored by CG. Read the original post at: Carnal0wnage & Attack Research Blog