While introducing myself to configuration management I’ve come to Chef which looks interesting and I’d like it to be part of our system architecture.
However I wonder what the authentication of configuration items (recipes?) is. In documentation I’ve found that all API calls are subject to authentication and authorization. But how does a client know that the configuration it’s supposed to use is trustworthy? Does it just blindly trust the Chef Server?
What I mean is that security of the whole network would depend on Chef Server security if there is no authentication of configuration items. If an intruder had successfully attacked Chef Server she would have gained privileges to control the whole network of Chef clients.
Is there any mechanism in place which prevents a disaster in such a scenario?
Thank you for your kind answers
Resource for apt-key add ?
With Chef we are distributing proper “sources.list” files onto our servers.
Is there any resources / helper to handle manage the keys?
For example – what comes to my mind now is execture ‘Script’ for example:
But if there is any other way – for example with passing only parameter (id of the key) – please tell me :)