Old-style cert-based user/client keypairs in Chef Server contain public key, but chef-vault does not extract and use them #299

Open
sean-horn opened this issue Dec 18, 2017 · 0 comments

sean-horn commented Dec 18, 2017

Since a cert-based keypair contains a public key that chef-vault could extract, chef-vault should.
Chef Manage, for example, can extract the public key from the cert stored in the database users table and display it. https://github.com/chef/chef-manage/blob/master/src/chef-manage/lib/certificate_parser.rb#L10

Chef Server also handles both types of identity https://github.com/chef/chef-server/blob/608dbe94d15822a31849952e13549744fc40a702/src/oc_erchef/apps/chef_objects/src/chef_key_base.erl#L147-L171

Otherwise, customers are forced to regenerate new-style public/private keypairs for potentially lots of users. It causes unnecessary disruption in operations.

@sean-horn sean-horn changed the title Old-style cert-based user keypairs in Chef Server contain public key, but chef-vault does not extract and use itit Old-style cert-based user/client keypairs in Chef Server contain public key, but chef-vault does not extract and use them Dec 19, 2017
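
The behaviour requested in this issue, sketched as an added Ruby example that is not part of the original issue and is not chef-vault's or Chef Server's code: one lookup that returns an RSA public key whether the stored PEM is an old-style X.509 certificate or a new-style bare public key. The names `actor_public_key`, `constructed_old_style_actor` and `wrap_secret_for` are hypothetical, and the certificate is a constructed self-signed sample.

```ruby
require "openssl"

# Hypothetical helper, not chef-vault's API: accept the PEM stored for a user
# or client and return its RSA public key, whether that PEM is an old-style
# X.509 certificate or a new-style bare public key.
def actor_public_key(pem)
  if pem.include?("-----BEGIN CERTIFICATE-----")
    # Old style: the public key is embedded in the certificate.
    OpenSSL::X509::Certificate.new(pem).public_key
  else
    # New style: the PEM is the public key itself.
    OpenSSL::PKey::RSA.new(pem)
  end
end

# Constructed sample input: a throwaway self-signed certificate standing in
# for an old-style cert-based identity. Returns [private_key, certificate_pem].
def constructed_old_style_actor
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=constructed-user")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert.to_pem]
end

# Encrypt a short secret to whichever key form is stored for the actor, the
# kind of operation a vault needs the public key for.
def wrap_secret_for(pem, secret)
  actor_public_key(pem).public_encrypt(secret)
end

if __FILE__ == $PROGRAM_NAME
  key, cert_pem = constructed_old_style_actor
  wrapped = wrap_secret_for(cert_pem, "constructed shared secret")
  puts key.private_decrypt(wrapped)
end
```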