Where else is this password referenced? My inclination would be a promise that generates the password directly on the box (perhaps with pwgen).
Something like this:

    files:
        "/etc/local/pass"
            create  => "false",
            classes => if_notok("gen_pass");

    commands:
      gen_pass::
        # the output redirect only works when the command runs in a shell
        "/usr/bin/pwgen -s > /etc/local/pass"
            contain => in_shell;

But I would need to know more about what the password is for...

On Jun 13, 2012, at 2:36 PM, Neil Watson wrote:

> Suppose you wish to install a piece of software on every host. Part of
> the software has a password that is unique to each host. I do not want
> all passwords stored in the Cfengine policy. How do you go about
> distributing those secrets?
>
> I thought about having a secrets file and using CF access promises to
> allow each host to gather its needed file. Scale is a bit of an issue.
> If you have 500 hosts I think you need 500 rules unless iteration
> looping works in server bundles.
>
> All ideas welcome.
>
> --
> Neil Watson
> Linux/UNIX Consultant
> http://watson-wilson.ca
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@cfengine.org
> https://cfengine.org/mailman/listinfo/help-cfengine
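
An added example, not part of the original post or of CFEngine: the shell side of the "generate the password directly on the box" idea, written so that the secret is created only once, is never world-readable, and is not overwritten by a concurrent run. The helper name gen_host_secret and the /dev/urandom fallback are assumptions; the path and the use of pwgen -s come from the reply above.

```shell
#!/bin/sh
# Added example: create a per-host secret locally, once, mode 0600.
# gen_host_secret is a hypothetical helper name; usage:
#   gen_host_secret /etc/local/pass 32

gen_host_secret() {
    target=$1
    len=${2:-32}

    # Idempotent: an existing non-empty secret is never regenerated.
    [ -s "$target" ] && return 0

    (
        # Subshell keeps the restrictive umask out of the caller's environment.
        umask 077
        tmp=$(mktemp "$(dirname "$target")/.pass.XXXXXX") || exit 1

        if command -v pwgen >/dev/null 2>&1; then
            pwgen -s "$len" 1 > "$tmp"
        else
            # Assumption: fall back to the kernel CSPRNG when pwgen is absent.
            LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$len" > "$tmp"
            echo >> "$tmp"
        fi

        # Install only a full-length secret. ln fails if the target already
        # exists, so a concurrent run cannot overwrite a secret in use.
        n=$(($(tr -d '\n' < "$tmp" | wc -c)))
        if [ "$n" -eq "$len" ]; then
            ln "$tmp" "$target" 2>/dev/null || :
        fi
        rm -f "$tmp"
        [ -s "$target" ]
    )
}
```

Called from a commands promise in place of the bare pwgen redirect, this keeps the secret out of the policy while making repeated agent runs harmless.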