The following items are new for Chef server 12.14:

- **Reduce password proliferation**

## Reduce password proliferation

We've substantially reduced the number of configuration files that
contain plaintext passwords. Now, no passwords or credentials are
rendered outside of `/etc/opscode/` in Chef server's default
configuration.

To ensure backwards compatibility, Chef server still renders passwords
and keys to multiple files in `/etc/opscode`. However, if you are not
using any Chef Server add-ons, or if you have updated to the latest
releases of all add-ons, you can set the following:

```ruby
insecure_addon_compat false
```

in `/etc/opscode/chef-server.rb` and remove these other occurrences of
secrets as well.

If you are using LDAP integration, external postgresql, or other Chef
server features that require providing passwords in
`/etc/opscode/chef-server.rb`, we've also provided commands that allow
you to set these passwords outside of the configuration file. For
information about these commands see [Secrets
Management](/ctl_chef_server/#secrets-management).

**Note:**

Users of the DRBD-based HA configuration may still see passwords related
to keepalived and DRBD in `/var/opt/opscode`.



For further information see:

See [Chef Server Credentials
Management](/server_security/#chef-infra-server-credentials-management)
for more details.