Intial commit of secrets management CB #51
Conversation
Signed-off-by: P.Bradford <pbradford@chef.io>
|
@paul1994 Thanks for the addition! Looks like a good start. I see a couple things on the first pass. Do we need the Is the |
Signed-off-by: P.Bradford <pbradford@chef.io>
|
@paul1994 I love this, I wonder if it would be better to keep the example cookbook in it's own repo under chef-cft instead of embedded here, the reason I say this is we could keep it updated as a reference.. what are your thoughts? |
| ### Assumptions | ||
| * This guide assumes that you have a working Vault solution up and running that you can interact with | ||
|
|
||
| **Note:** The way that the vault token is used in this cookbook is not the way we recommended to store the vault_token. |
There was a problem hiding this comment.
Let's expand upon this:
- Why do we not recommend what we're doing?
- What about what's in this cookbook is bad?
- What sort of thing would we do here? Is there anything we'd recommend? This is a non-trivial problem to solve securely, and I'd love to see more around that.
| @@ -0,0 +1,32 @@ | |||
| # Delivery for Local Phases Execution | |||
There was a problem hiding this comment.
We should probably explain what the .delivery stuff is for in the README.
| @@ -0,0 +1,16 @@ | |||
| # InSpec test for recipe secrets_management::default | |||
There was a problem hiding this comment.
Is this being used? If not, should probably nuke this from orbit.
Signed-off-by: P.Bradford pbradford@chef.io