On Mon, May 23, 2022 at 8:33 AM Aleksandar Kostadinov <akostadinov(a)gmail.com>
wrote:
I tried to understand how this works on bare metal. After
installation
with ignition file provided on a local file system, is the file still
accessible unencrypted anywhere after the installation completes?
It is accessible to the root user after installation (coreos-installer) but
is automatically removed after provisioning (Ignition). No user-provided
code runs before provisioning, so the former shouldn't be an issue. The
bare-metal Ignition config has been improperly accessible in the past
<
https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedorap...
(CVE-2021-3917) but this is fixed in current Fedora CoreOS releases.
For machines that are remote and no human interaction is possible, I don't
see how credentials in ignition can be avoided. Even if hashicorp is
used,
then some credentials for hashicorp should be present. Or am I mistaken?
That's fair. Dedicated platforms are in a position to offer more
authentication and access-control options, such as single-use credentials
for bootstrapping, but long-term credentials may be needed in some
environments.
--Benjamin Gilbert