On Thu, Feb 3, 2011 at 11:45 AM, Nick Moffitt <n...@zork.net> wrote: > Nigel Kersten: >> On Wed, Feb 2, 2011 at 5:10 PM, Daniel Pittman <dan...@puppetlabs.com> wrote: >> > (Also, I went looking and found zero attempts to solve this in a >> > reusable, FOSS way, let alone working solutions.) >> >> Yep. I've been dreaming of a Puppet-integrated Password Safe for a while :) > > Alas! I'm currently enjoying a powerful need for such a thing. My one > need is that someone who compromises a puppet client host shouldn't have > access to the safe except in specific circumstances specified by > external conditions. > > I'd also like a pony. Have it on my desk by Monday.
I actually did some work on this on the plane recently, re-using the certificates that nodes already have to do arbitrary encryption and decryption. It's not as seamless as I'd like, I've essentially subclassed the file type, but it's giving me some ideas about how we might want to come up with something more integrated. I'll polish it up and put it up on github next week when I get back from FOSDEM. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
