Old-style cert-based user/client keypairs in Chef Server contain public key, but chef-vault does not extract and use them #299

Description

@sean-horn

Since a cert-based keypair contains a public key that chef-vault could extract, chef-vault should.
Chef Manage, for example, can extract the public key from the cert stored in the database users table and display it. https://github.com/chef/chef-manage/blob/master/src/chef-manage/lib/certificate_parser.rb#L10

Chef Server also handles both types of identity https://github.com/chef/chef-server/blob/608dbe94d15822a31849952e13549744fc40a702/src/oc_erchef/apps/chef_objects/src/chef_key_base.erl#L147-L171

Otherwise, customers are forced to regenerate new-style public/private keypairs for potentially lots of users. It causes unnecessary disruption in operations.
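
The extraction this issue asks for, as an added example (not part of the original issue and not chef-vault's own code): it normalizes a stored identity to a public key whether it is an old-style certificate or a new-style public key. The helper names and the self-signed sample certificate are constructed for illustration, and RSA identities are assumed.

```ruby
require "openssl"

# Hypothetical helper, not chef-vault's API. Assumes RSA identities.
# Returns a public-only key from either an old-style X.509 certificate PEM
# or a new-style bare public key PEM.
def public_key_from_identity(pem)
  key = if pem.include?("-----BEGIN CERTIFICATE-----")
          OpenSSL::X509::Certificate.new(pem).public_key
        else
          OpenSSL::PKey::RSA.new(pem)
        end
  # A private key must never be accepted where a public identity is expected.
  raise ArgumentError, "identity contains a private key" if key.private?
  key
rescue OpenSSL::X509::CertificateError, OpenSSL::PKey::PKeyError => e
  raise ArgumentError, "not a certificate or RSA public key: #{e.message}"
end

# Constructed sample data: one keypair, exposed both as a self-signed
# certificate (old style) and as a bare public key (new style).
def constructed_identities
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=constructed-user")
  cert.public_key = key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  { key: key, cert_pem: cert.to_pem, pub_pem: key.public_key.to_pem }
end

# Encrypt to the extracted key and decrypt with the matching private key,
# showing the certificate-derived key is usable for per-user encryption.
def round_trip(identity_pem, private_key, secret)
  pad = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
  ciphertext = public_key_from_identity(identity_pem).public_encrypt(secret, pad)
  private_key.private_decrypt(ciphertext, pad)
end

ids = constructed_identities
puts public_key_from_identity(ids[:cert_pem]).to_pem.lines.first
puts round_trip(ids[:cert_pem], ids[:key], "shared secret")
```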
