A large customer has a requirement to protect sensitive configuration data such that recovery by users at the CLI or API is not trivial.
A specific example they gave which is currently problematic is LDAP bind passwords which reside in the config in cleartext.
Currently they are exposed in config.toml (which they delete after applying).
The larger issue is that it's also pretty easy to recover them with a curl against the Hab API, or via chef-automate config show.
A mechanism similar to the one in Chef server for secrets storage might be appropriate (chef-server-ctl set-secret data_collector token 'some-token').