
If you use Chef, at Balanced (https://github.com/balanced) we've built a pretty awesome tool called "Citadel" (https://github.com/balanced-cookbooks/citadel) that uses IAM policies for fetching secrets securely stored in S3 buckets.

It's pretty awesome. We're porting all of our code to use this, so we can open source most of our code freely and not necessarily find ourselves working around security hurdles like this one -- though I'm not sure how it would've helped in this particular use case.
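An added illustration of the pattern described above (each node reads its secrets from an S3 bucket, and IAM policy rather than a shared key decides who may read what). This is example code written for this page, not code from Citadel or Balanced, and it makes assumptions the comment does not state: a hypothetical account id and bucket name, and a layout in which every IAM role is confined to its own key prefix. It builds the bucket policy and then evaluates requests against it offline with a deliberately simplified model of IAM (explicit Deny wins, a matching Allow grants, everything else is implicitly denied), so the least-privilege boundaries can be checked before anything is deployed.

```python
"""Build a per-role S3 secrets-bucket policy and check it offline.

Example code for this discussion, not Citadel's own implementation.
Assumed (hypothetical) values: the account id, the bucket name, and
the rule that each role may read only under its own prefix.
"""
import fnmatch
import json

ACCOUNT = "123456789012"          # constructed sample account id
BUCKET = "example-secrets-bucket"  # hypothetical bucket name


def _as_list(value):
    return value if isinstance(value, list) else [value]


def build_bucket_policy(account, bucket, role_prefixes):
    """Return a bucket policy (dict) granting each role s3:GetObject on its
    own prefix only, plus an explicit Deny for non-TLS access.

    role_prefixes maps an IAM role name to a key prefix, e.g. {"api": "api/"}.
    Nested prefixes are rejected: a role whose prefix contains another
    role's prefix would be able to read that role's secrets.
    """
    prefixes = list(role_prefixes.values())
    for outer in prefixes:
        for inner in prefixes:
            if outer != inner and inner.startswith(outer):
                raise ValueError(f"prefix {inner!r} is nested inside {outer!r}")

    statements = []
    for role, prefix in sorted(role_prefixes.items()):
        statements.append({
            "Sid": "Allow" + "".join(ch for ch in role if ch.isalnum()) + "Read",
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account}:role/{role}"},
            "Action": ["s3:GetObject"],
            "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
        })
    # Secrets must never travel in clear text, whoever the caller is.
    statements.append({
        "Sid": "DenyInsecureTransport",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    })
    return {"Version": "2012-10-17", "Statement": statements}


def _principal_matches(principal, principal_arn):
    if principal == "*":
        return True
    aws = _as_list(principal.get("AWS", []))
    return "*" in aws or principal_arn in aws


def _condition_matches(condition, secure_transport):
    """Only the Bool aws:SecureTransport condition is modelled here."""
    if not condition:
        return True
    wanted = condition["Bool"]["aws:SecureTransport"] == "true"
    return secure_transport == wanted


def is_allowed(policy, principal_arn, action, resource_arn, secure_transport=True):
    """Simplified IAM evaluation: explicit Deny beats Allow, and a request
    matched by no statement is implicitly denied."""
    allowed = False
    for st in policy["Statement"]:
        if not _principal_matches(st["Principal"], principal_arn):
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(st["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource_arn, r) for r in _as_list(st["Resource"])):
            continue
        if not _condition_matches(st.get("Condition"), secure_transport):
            continue
        if st["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def policy_json(policy):
    """Serialise the policy the way it would be pasted into the console or CLI."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    policy = build_bucket_policy(ACCOUNT, BUCKET, {"api-server": "api/", "worker": "worker/"})
    print(policy_json(policy))
    api_role = f"arn:aws:iam::{ACCOUNT}:role/api-server"
    print(is_allowed(policy, api_role, "s3:GetObject", f"arn:aws:s3:::{BUCKET}/api/db_password"))
    print(is_allowed(policy, api_role, "s3:GetObject", f"arn:aws:s3:::{BUCKET}/worker/ssh_key"))
```

On a node the role credentials come from the instance profile, so the recipe never holds a long-lived key; the policy above is what stops a compromised web node from reading the worker tier's secrets. The offline evaluator is intentionally partial (no identity policies, no NotAction/NotResource, one condition key), so treat it as a pre-deployment sanity check and confirm the real behaviour with the IAM policy simulator before relying on it.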



Cool. I'm curious: what was your motivation for doing this rather than using Chef's encrypted data bags?

Is it because it's tightly integrated with IAM? If that's the case, does that mean you guys use a cookbook that tightly couples system users with IAM roles?


We're strong believers that data bags are an anti-pattern. One of our engineers, https://github.com/coderanger, wrote something up: https://coderanger.net/2014/02/data-bags/

He was employed previously at Opscode, now Chef Inc.



