Skip to main content


All Cookstyle Cops

The department is: Chef/Security

The full name of the cop is: Chef/Security/SshPrivateKey

Enabled by default Supports autocorrection Target Chef Version
Enabled No All Versions

Do not include plain text SSH private keys in your cookbook code. This sensitive data should be fetched from secrets management systems so that secrets are not uploaded in plain text to the Chef Infra Server or committed to source control systems.



file '/Users/bob_bobberson/.ssh/id_rsa' do
  content '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----'
  mode '600'

Configurable attributes

Name Default value Configurable values
Version Added String

Was this page helpful?


Search Results