OpenSSLPasswordHelpers
The department is: OpenSSLPasswordHelpers
The full name of the cop is: Chef/Correctness/OpenSSLPasswordHelpers
Enabled by default | Supports autocorrection | Target Chef Version |
---|---|---|
Enabled | No | All Versions |
The OpenSSL cookbook provides a deprecated secure_password
helper in the Opscode::OpenSSL::Password
class, which should no longer be used. This helper would generate a random password that would be used when a data bag or attribute was no present. The practice of generating passwords to be stored on the node is bad security as it exposes the password to anyone that can view the nodes, and deleting a node deletes the password. Passwords should be retrieved from a secure source for use in cookbooks.
incorrect
::Chef::Recipe.send(:include, Opscode::OpenSSL::Password) basic_auth_password = secure_password
Examples
Configurable attributes
Name | Default value | Configurable values |
---|---|---|
Version Added | 6.6.0 | String |
Include | Array |