Menu
I recently saw the following construction in a salt pillar in a thread here
/srv/pillar/ssh.sls:
ssh_certs:
{% if grains['fqdn'] == 'server1.example.com' %}
dsa: |
-----BEGIN DSA PRIVATE KEY-----
{# key text goes here with consistant indentation... #}
-----END DSA PRIVATE KEY-----
ecdsa: |
-----BEGIN ECDSA PRIVATE KEY-----
{# key text goes here with consistant indentation... #}
-----END ECDSA PRIVATE KEY-----
rsa: |
-----BEGIN RSA PRIVATE KEY-----
{# key text goes here with consistant indentation... #}
-----END RSA PRIVATE KEY-----
{% elif grains['fqdn'] == 'server2.example.com' %}
# same as above but with different key texts of course....
{% endif %}
This pillar was then distributed in the top file via the * glob to all nodes in the cluster.
Since our unevaluated template contains all of the private keys for our entire cluster, how secure is this?
I believe that the minions evaluate their own salt formulae. If they evaluate their own pillars as well, then they would temporarily be given the private keys for every node in the cluster!
If I somehow gained access to server2.example.com, would I be able to dig up the uncompiled template?
Another way to ask this question would be: where does pillar template evaluation take place?
225
Salt pillar is a system that lets you define secure data that are 'assigned' to one or more minions using targets. Salt pillar data stores values such as ports, file paths, configuration parameters, and passwords.
A “highstate” is a way for Salt to dynamically determine which Salt Formulas should be applied to a certain minion. To start with you execute a “highstate” like this: salt 'minion01' state.highstate. This command causes the Minion to download and examine a file from the Salt Master called the “top file”.
In Salt, the file which contains a mapping between groups of machines on a network and the configuration roles that should be applied to them is called a top file . Top files are named top. sls by default and they are so-named because they always exist in the "top" of a directory hierarchy that contains state files.
A salt dome is a mound or column of salt that has intruded upwards into overlying sediments.
Pillar data is compiled on the Salt Master and the Pillar dictionary is sent encrypted directly to each Salt Minion. So there's no chance that each minion got the entirety of that pillar file.
That being said, a Minion's grains could be tampered with. The only absolute you have is the minion's id. The minion ID can't be tampered with without causing the minion's authentication being rejected.
106
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
