Currently, the sensitive option is not available for the template declarations which create the SSL certs. The end result is that the keys, including private, are printed to standard out during the chef run. As an improvement to security, the sensitive option should be enabled and set to true by default for this template resource.
An example of a potential scenario could be where someone is logging output of the chef runs to a file, which is then read by Logstash and indexed in ElasticSearch. Consequently, anyone who would have read access to this data via Kibana would be able to easily obtain the certificates.
Currently, the sensitive option is not available for the template declarations which create the SSL certs. The end result is that the keys, including private, are printed to standard out during the chef run. As an improvement to security, the sensitive option should be enabled and set to true by default for this template resource.
An example of a potential scenario could be where someone is logging output of the chef runs to a file, which is then read by Logstash and indexed in ElasticSearch. Consequently, anyone who would have read access to this data via Kibana would be able to easily obtain the certificates.