There are many configuration management software options nowadays (Chef, Puppet, CFEngine, Ansible...) which offer an architecture with their repository on a central server and clients communicating with the server using TCP/IP. This kind of architecture requires the whole network of clients to be able to communicate with the server and exposes the server to threats as it is a very promising target for any attacker.
As I understand it, the mentioned tools have a capability of signing the configuration items using private key cryptography. However the signing keys are server's keys and they are stored on the server. If the configuration management server gets compromised the whole network can be considered compromised.
Is there a way to avoid the risk of an equation compromised server=the whole network compromised?
What comes to my mind is signing the configuration prior to uploading it to the server by a personal private key. Every administrator would have his own.
Does any common configuration management solutions offer such a functionality or is there a different way to mitigate the risk mentioned above?
