Chef Integration

Secure privileged access to your Chef infrastructure with unified identity, just-in-time access, and comprehensive audit trails for Chef Infra Server and Automate.

Features

Comprehensive Chef Coverage

Secure access to all your Chef infrastructure with unified authentication and authorization.

Chef Infra Server Access

Secure access to Chef Infra Server with certificate-based authentication and role-based permissions.

Cookbook Management

Control access to cookbooks, recipes, and environments with fine-grained permissions and audit trails.

Node Credential Injection

Automatically inject short-lived SSH credentials into Chef nodes for secure infrastructure access.

Chef Automate Integration

Connect with Chef Automate for compliance scanning, workflow automation, and centralized visibility.

Capabilities

Enterprise-Grade Chef Integration

Chef Infra Server integration
Chef Automate connectivity
Cookbook access control
Recipe execution tracking
Node discovery and sync
SSH credential injection
Chef Vault integration
Run list management
Environment-based access
Policy group permissions
Compliance data collection
Audit log streaming

Setup

Get Started in Minutes

Follow these simple steps to integrate TigerAccess with your Chef infrastructure.

1. Configure Chef Server Integration

Create a service account in Chef Infra Server with appropriate permissions for TigerAccess to manage node access and discover resources.

# Create TigerAccess service user
knife user create tigeraccess \
  --admin \
  --file tigeraccess.pem

# Create organization association
knife org associate tigeraccess my-org --admin

2. Add Chef Integration

Configure the Chef integration in TigerAccess with your Chef Server URL and credentials.

tacctl integrations add chef \
  --server-url=https://chef.example.com \
  --organization=my-org \
  --client-name=tigeraccess \
  --client-key=/path/to/tigeraccess.pem

3. Enable Node Discovery

Configure node discovery to automatically sync Chef nodes into TigerAccess and enable SSH access.

# Enable automatic node sync
tacctl integrations configure chef \
  --enable-node-discovery \
  --sync-interval=5m \
  --node-filters="chef_environment:production"

# Verify discovered nodes
tac ls nodes --filter=chef
# Shows all Chef-managed nodes

4. Configure SSH Credential Injection

Set up TigerAccess to automatically inject SSH credentials into Chef nodes via cookbook attributes.

# Configure credential injection recipe
tacctl integrations configure chef \
  --enable-ssh-injection \
  --injection-recipe="tigeraccess::ssh_ca" \
  --ca-cert-attribute="tigeraccess.ca_cert"

# Update node run lists
knife node run_list add node1 \
  'recipe[tigeraccess::ssh_ca]'

Use Cases

Real-World Chef Scenarios

Secure Cookbook Development

Grant developers time-limited access to specific cookbooks and environments with automatic approval workflows and comprehensive audit trails of recipe changes.

Production Node Access

Enable SSH access to Chef-managed nodes with just-in-time credential injection, eliminating static SSH keys while maintaining full session recording.

Multi-Environment Management

Manage access across development, staging, and production Chef environments with unified authentication and environment-specific permissions.

Compliance Automation

Automatically collect Chef Automate compliance data and correlate with access sessions for SOC 2, HIPAA, and PCI DSS requirements.

FAQ

Frequently Asked Questions

How does TigerAccess integrate with Chef Infra Server?

TigerAccess uses the Chef Server API to discover nodes, manage cookbook access, and inject SSH credentials. It can sync node data automatically and apply TigerAccess certificates to enable secure, certificate-based SSH access to all Chef-managed infrastructure.

Do I need to modify my existing cookbooks?

No. TigerAccess provides a lightweight cookbook whose recipe (tigeraccess::ssh_ca) you add to your node run lists. This recipe automatically configures SSH to trust TigerAccess certificates. Your existing cookbooks remain unchanged.

Can I control access to specific Chef environments or cookbooks?

Yes. TigerAccess supports fine-grained access control based on Chef environments, policy groups, cookbook names, and node attributes. You can create roles that grant access only to specific environments (e.g., staging vs. production) or cookbook repositories.

How does TigerAccess work with Chef Automate?

TigerAccess integrates with Chef Automate to collect compliance scan data, workflow events, and node status. It can correlate Chef Automate events with access sessions to provide comprehensive audit trails showing who accessed which nodes and what configuration changes were made.

What happens to existing SSH keys on Chef nodes?

TigerAccess works alongside existing SSH keys. When you enable certificate-based authentication, Chef nodes will accept both traditional SSH keys and TigerAccess certificates. You can gradually migrate to certificate-only authentication at your own pace.
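
A way to check where a node stands in that migration, as an added example that is not TigerAccess code: it reads the global section of an sshd_config and reports whether the node still accepts static keys alongside CA-signed certificates. The CA file path and the sample configurations are constructed for illustration.

```ruby
# Added example, not vendor code. Classifies an sshd_config by how far a node
# has moved from static keys to CA-signed certificates. Only global settings
# are read: parsing stops at the first Match block.
DEFAULTS = {
  'trustedusercakeys'      => 'none',
  'authorizedkeysfile'     => '.ssh/authorized_keys .ssh/authorized_keys2',
  'authorizedkeyscommand'  => 'none',
  'pubkeyauthentication'   => 'yes',
  'passwordauthentication' => 'yes'
}.freeze

def global_settings(text)
  seen = {}
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split(/[\s=]+/, 2)
    break if key.casecmp?('match')
    seen[key.downcase] ||= value.to_s.strip # sshd uses the first value it reads
  end
  DEFAULTS.merge(seen)
end

def audit(text)
  s = global_settings(text)
  set = ->(k) { !s[k].casecmp?('none') }
  static = set.call('authorizedkeysfile') || set.call('authorizedkeyscommand')
  mode = if !s['pubkeyauthentication'].casecmp?('yes') then :pubkey_disabled
         elsif !set.call('trustedusercakeys') then :static_keys_only
         elsif static then :mixed
         else :cert_only
         end
  { mode: mode, password_auth: s['passwordauthentication'].casecmp?('yes') }
end

# Constructed samples; the CA path is a hypothetical location.
MIXED = <<~CFG
  TrustedUserCAKeys /etc/ssh/tigeraccess_ca.pub
  PasswordAuthentication no
CFG
CERT_ONLY = <<~CFG
  # keys files disabled once every user has a certificate
  AuthorizedKeysFile none
  trustedusercakeys /etc/ssh/tigeraccess_ca.pub
  PasswordAuthentication no
  AuthorizedKeysFile .ssh/authorized_keys
CFG

[MIXED, CERT_ONLY].each { |cfg| p audit(cfg) }
```

Feeding it the output of `sshd -T` instead of the raw file also covers settings pulled in through Include directives.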
