Hey Douglas, Douglas Garstang wrote:
I need to pass sensitive options, ie passwords, on the command line, and don't want them to appear in log files.
I work around this by storing passwords in scripts distributed by File{} resources that are mode 400 to root and then Exec'ing the script. That way, all the log/catalog sees is the script being run, but not the actual password itself.
Though, if someone has permission to read /var/log/messages, then they can probably also read root scripts, so YMMV.
cYa, Avi -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
