On Feb 5, 1:56 am, Nigel Kersten <ni...@puppetlabs.com> wrote: > On Thu, Feb 3, 2011 at 11:45 AM, Nick Moffitt <n...@zork.net> wrote: > > Nigel Kersten: > >> On Wed, Feb 2, 2011 at 5:10 PM, Daniel Pittman <dan...@puppetlabs.com> > >> wrote: > >> > (Also, I went looking and found zero attempts to solve this in a > >> > reusable, FOSS way, let alone working solutions.) > > >> Yep. I've been dreaming of a Puppet-integrated Password Safe for a while :) > > > Alas! I'm currently enjoying a powerful need for such a thing. My one > > need is that someone who compromises a puppet client host shouldn't have > > access to the safe except in specific circumstances specified by > > external conditions. > > > I'd also like a pony. Have it on my desk by Monday. > > I actually did some work on this on the plane recently, re-using the > certificates that nodes already have to do arbitrary encryption and > decryption. > > It's not as seamless as I'd like, I've essentially subclassed the file > type, but it's giving me some ideas about how we might want to come up > with something more integrated. > > I'll polish it up and put it up on github next week when I get back from > FOSDEM.
Hi Nigel, I found this via a google search today. I've come up with a few possible solutions, but I don't like them. I was thinking of using the existing cert as well. Have you posted the code you came up with? Kyle -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
