Skip to main content

OpenSSLPasswordHelpers

All Cookstyle Cops


The department is: Chef/Correctness

The full name of the cop is: Chef/Correctness/OpenSSLPasswordHelpers


Enabled by defaultSupports autocorrectionTarget Chef Version
EnabledNoAll Versions

The openSSL cookbook provides a deprecated secure_password helper in the Opscode::OpenSSL::Password class, which should not longer be used. This helper would generate a random password that would be used when a data bag or attribute was no present. The practice of generating passwords to be stored on the node is bad security as it exposes the password to anyone that can view the nodes, and deleting a node deletes the password. Passwords should be retrieved from a secure source for use in cookbooks.

incorrect

::Chef::Recipe.send(:include, Opscode::OpenSSL::Password) basic_auth_password = secure_password

Examples

Configurable attributes

NameDefault valueConfigurable values
Version Added6.6.0String
Exclude
  • **/metadata.rb
  • **/Berksfile
Array

Was this page helpful?