SSH host keys for bootstrap aren't checked
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Canonical Juju | Fix Released | High | Andrew Wilkins |
Bug Description
Bootstrap uses SSH to set up the bootstrap host but the host keys of the bootstrap host aren't verified. This presents an opportunity for a MITM attack.
axw and menn0 have come up with a possible solution for this.
1. During bootstrap, the client pre-generates SSH host keys for the bootstrap node and passes them to cloud-init[1]. This way the host keys aren't generated on the bootstrap node and the host keys are known to the client.
2. Bootstrap happens, with the SSH part using the pre-generated SSH host keys.
3. The bootstrap agent generates new SSH host keys for the host (probably in InitializeState). This is needed because cloud-init data is not secure. On some clouds it is easily available to any process running on the machine.
4. The bootstrap machine agent comes up and reports the newly generated keys to the controller. This is already in place. As part of the fix for bug 1456916, all machine agents report the SSH public keys to the controller when they start.
[1] - http://
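Steps 1 and 2 above, as an added Python example that is not Juju's own code: the client builds the OpenSSH public-key line and fingerprint for a host key it generated itself, writes it into cloud-init's `ssh_keys` user-data, pins it in a known_hosts entry, and checks the key the bootstrap host presents against the pinned one. The 32 key bytes and the private-key text are constructed placeholders rather than a real key pair, and steps 3 and 4 (regenerating and reporting keys) are not shown.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample standing in for the raw 32-byte Ed25519 public key the
# client generated; it is NOT a real key. A real client would generate the pair
# with ssh-keygen or a crypto library and keep the private half to itself.
SAMPLE_PUBKEY_RAW = bytes(range(32))

def ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b

def ed25519_pubkey_blob(raw: bytes) -> bytes:
    """Public-key blob as it appears in known_hosts and in the server's key exchange."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw)

def b64_blob(raw: bytes) -> str:
    return base64.b64encode(ed25519_pubkey_blob(raw)).decode()

def openssh_pubkey_line(raw: bytes, comment: str = "juju-bootstrap") -> str:
    """One-line form that ends up in /etc/ssh/ssh_host_ed25519_key.pub on the host."""
    return f"ssh-ed25519 {b64_blob(raw)} {comment}"

def sha256_fingerprint(raw: bytes) -> str:
    """Same 'SHA256:...' fingerprint that ssh-keygen -l prints (unpadded base64)."""
    digest = hashlib.sha256(ed25519_pubkey_blob(raw)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def cloud_config(raw: bytes, private_key_text: str) -> str:
    """Step 1: cloud-init user-data installing the client-generated host key.
    'ssh_keys' with '<type>_public' / '<type>_private' is cloud-init's real schema."""
    private_block = "\n".join("    " + line for line in private_key_text.splitlines())
    return ("#cloud-config\n"
            "ssh_keys:\n"
            f"  ed25519_public: {openssh_pubkey_line(raw)}\n"
            f"  ed25519_private: |\n{private_block}\n")

def known_hosts_line(addr: str, raw: bytes) -> str:
    """Step 2: pin the pre-generated key so the client's SSH session can verify it."""
    return f"{addr} ssh-ed25519 {b64_blob(raw)}"

def host_key_matches(presented_blob: bytes, expected_blob: bytes) -> bool:
    """The check bootstrap lacked: accept the host only if it presents the pinned key."""
    return hmac.compare_digest(presented_blob, expected_blob)
```

Because the user-data is readable by other processes on some clouds, the private half in that config must be treated as burned once the host is up, which is exactly why step 3 regenerates the keys.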
Changed in juju-core:
  status: New → Triaged
  affects: juju-core → juju
Changed in juju:
  importance: Medium → High
Changed in juju:
  milestone: none → 2.0.1
  tags: added: canonical-is
Changed in juju:
  milestone: 2.0.1 → none
Changed in juju:
  status: In Progress → Fix Committed
  milestone: none → 2.2-beta4
Changed in juju:
  status: Fix Committed → Fix Released
If the secrets passed to cloud-init are leaked to non-root processes started after provisioning has completed or logged, then that certainly seems bug-worthy on cloud-init. That would compromise the security of all tools using it unless they do a similar workaround to what is proposed here.
If the secrets are only accessible to processes run during provisioning, then I don't think steps 3 and 4 are required.