tobami / littlechef

Cook with Chef without a Chef Server
Apache License 2.0

Is there any way to delete data bags after deployment? #242

Open halida opened 9 years ago

halida commented 9 years ago

Data tags may contain sensitive information. Even if I use an encrypted data bag, the name will leak some information. Is there any way to delete them after deployment?

tobami commented 9 years ago

Do you mean data bags?

Do you have an example in which the name leaks information?

halida commented 9 years ago

Yes, sorry about the typo.

I have lots of nodes. If one of the nodes is compromised, the hacker will know all my data bag names. For example, I use a data bag to deploy ssh authorized_keys; the hacker will know all the admins who can access the nodes.

tobami commented 9 years ago

There is currently no way of doing that. It could be added though. The difficult part would be only deleting encrypted ones. Alternatively, all data bags could be deleted every time; you just accept the rsync cost on every deploy.

halida commented 9 years ago

No need to delete only encrypted ones; deleting all is better. Also, this feature can be toggled, like:

fix node:test --delete-databags
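
An added example (not from the thread and not littlechef's code) of the exposure discussed above: it walks a `data_bags/<bag>/<item>.json` tree and lists what is readable without the secret key. The bag name, item ids and values are constructed samples, and the encrypted-field check assumes Chef's encrypted item layout of version 1 or later.

```python
import json
import tempfile
from pathlib import Path

# Keys Chef stores for each encrypted value (assumption: item format v1 or later).
ENCRYPTED_MARKERS = {"encrypted_data", "iv", "cipher"}


def is_encrypted_value(value):
    """True if a value has the shape of an encrypted data bag field."""
    return isinstance(value, dict) and ENCRYPTED_MARKERS.issubset(value)


def audit_data_bags(root):
    """Report what anyone who can read `root` learns without the secret key."""
    findings = []
    for item_path in sorted(Path(root).glob("*/*.json")):
        item = json.loads(item_path.read_text())
        fields = {k: v for k, v in item.items() if k != "id"}
        plaintext = sorted(k for k, v in fields.items() if not is_encrypted_value(v))
        findings.append({
            "bag": item_path.parent.name,            # directory name, always readable
            "item": item.get("id", item_path.stem),  # "id" is stored unencrypted
            "field_names": sorted(fields),           # key names stay in cleartext
            "plaintext_fields": plaintext,           # values readable as-is
        })
    return findings


def build_sample_kitchen(root):
    """Constructed sample data: one encrypted item and one plaintext item."""
    enc = {"encrypted_data": "Y29uc3RydWN0ZWQ=\n", "iv": "Y29uc3RydWN0ZWQ=\n",
           "version": 1, "cipher": "aes-256-cbc"}
    samples = {
        "ssh_admins/alice.json": {"id": "alice", "authorized_key": enc},
        "ssh_admins/bob.json": {"id": "bob",
                                "authorized_key": "ssh-ed25519 CONSTRUCTED-KEY bob"},
    }
    for rel, body in samples.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(json.dumps(body))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_kitchen(tmp)
        for finding in audit_data_bags(tmp):
            print(finding)
```

For the encrypted item the report still contains the bag name, the item id and the field name; only the value is protected.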