Open halida opened 9 years ago
Do you mean data bags?
Do you have an example in which the name leaks information?
Yes, Sorry about the typo.
I have lots of nodes, If one of the node is compromised, The hacker will know all my data bag names. For example, I use data bag to deploy ssh authorized_keys, the hacker will know all the admins who can access the nodes.
There is currently no way of doing that. It could be added though. The difficult part would be only deleting encrypted ones. Alternatively, all data bags could be deleted every time, you just accept the rsync cost on every deploy
No need only delete encrypted ones, delete all is better. also this feature can be toggled, like:
fix node:test --delete-databags
Data tags may contain sensitive information, even I can use encrypted data bag, the name will leak some information, Is there any way to delete it after deployed?