
Chef/Security/SshPrivateKey


The Cookstyle cops department: Chef/Security

| Enabled by default | Supports autocorrection | Target Chef Version |
| --- | --- | --- |
| Enabled | No | All Versions |

Do not include plain text SSH private keys in your cookbook code. This sensitive data should be fetched from secrets management systems so that secrets are not uploaded in plain text to the Chef Infra Server or committed to source control systems.

Examples

incorrect

file '/Users/bob_bobberson/.ssh/id_rsa' do
  content '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----'
  mode '600'
end
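
The page shows only the incorrect form. The following is an added example, not code from the Cookstyle project and not the cop's own implementation: a line-based scanner that applies the Include globs listed on this page to a throwaway cookbook containing the recipe above and a constructed alternative that reads the key from an encrypted data bag. The data bag, item and field names, the list of key types in the regex, and the function names are assumptions.

```ruby
require 'tmpdir'

# File globs taken from the cop's Include list on this page.
INCLUDE_GLOBS = %w[
  **/libraries/*.rb **/resources/*.rb **/providers/*.rb
  **/recipes/*.rb **/attributes/*.rb **/definitions/*.rb
].freeze

# PEM header for common private key types (assumption: this list of types).
PRIVATE_KEY_HEADER = /-----BEGIN (?:(?:RSA|EC|DSA|OPENSSH|ENCRYPTED) )?PRIVATE KEY-----/

# Returns [[relative_path, line_number], ...] for each line with a key header.
def find_private_keys(cookbook_root)
  Dir.glob(INCLUDE_GLOBS, base: cookbook_root).sort.flat_map do |rel|
    File.foreach(File.join(cookbook_root, rel)).each_with_index.filter_map do |line, idx|
      [rel, idx + 1] if line.scrub.match?(PRIVATE_KEY_HEADER)
    end
  end
end

# Constructed sample: the page's "incorrect" recipe.
BAD_RECIPE = <<~'RUBY'
  file '/Users/bob_bobberson/.ssh/id_rsa' do
    content '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----'
    mode '600'
  end
RUBY

# Constructed alternative: key read from an encrypted data bag (hypothetical names).
GOOD_RECIPE = <<~'RUBY'
  key = data_bag_item('ssh_keys', 'bob_bobberson')['private_key']
  file '/Users/bob_bobberson/.ssh/id_rsa' do
    content key
    mode '600'
    sensitive true # keep the key out of Chef logs and diffs
  end
RUBY

# Writes both recipes into a throwaway cookbook and scans it.
def scan_sample_cookbook
  Dir.mktmpdir('cookbook') do |root|
    Dir.mkdir(File.join(root, 'recipes'))
    File.write(File.join(root, 'recipes', 'bad.rb'), BAD_RECIPE)
    File.write(File.join(root, 'recipes', 'good.rb'), GOOD_RECIPE)
    File.write(File.join(root, 'README.md'), BAD_RECIPE) # outside the globs
    find_private_keys(root)
  end
end
p scan_sample_cookbook if $PROGRAM_NAME == __FILE__
```

The README copy is not reported because it falls outside the Include globs, so key material in files that do not match those patterns needs a separate check.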

Configurable attributes

| Name | Default value | Configurable values |
| --- | --- | --- |
| Version Added | 7.28 | String |
| Include | `**/libraries/*.rb`, `**/resources/*.rb`, `**/providers/*.rb`, `**/recipes/*.rb`, `**/attributes/*.rb`, `**/definitions/*.rb` | Array |
