Skip to main content

SshPrivateKey

The department is: SshPrivateKey

The full name of the cop is: Chef/Security/SshPrivateKey

Enabled by default Supports autocorrection Target Chef Version
Enabled No All Versions

Do not include plain text SSH private keys in your cookbook code. This sensitive data should be fetched from secrets management systems so that secrets are not uploaded in plain text to the Chef Infra Server or committed to source control systems.

Examples

incorrect

file '/Users/bob_bobberson/.ssh/id_rsa' do
  content '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----'
  mode '600'
end

Configurable attributes

Name Default value Configurable values
Version Added 7.28 String
Include
  • **/libraries/*.rb
  • **/resources/*.rb
  • **/providers/*.rb
  • **/recipes/*.rb
  • **/attributes/*.rb
  • **/definitions/*.rb
 Array

Was this page helpful?

×









Search Results