On Mon, May 9, 2011 at 12:03 PM, kcrwfrd <kcrw...@gmail.com> wrote:

> On Feb 5, 1:56 am, Nigel Kersten <ni...@puppetlabs.com> wrote:
> > On Thu, Feb 3, 2011 at 11:45 AM, Nick Moffitt <n...@zork.net> wrote:
> > > Nigel Kersten:
> > >> On Wed, Feb 2, 2011 at 5:10 PM, Daniel Pittman <dan...@puppetlabs.com> wrote:
> > >> > (Also, I went looking and found zero attempts to solve this in a
> > >> > reusable, FOSS way, let alone working solutions.)
> >
> > >> Yep. I've been dreaming of a Puppet-integrated Password Safe for a while :)
> >
> > > Alas!  I'm currently enjoying a powerful need for such a thing.  My one
> > > need is that someone who compromises a puppet client host shouldn't have
> > > access to the safe except in specific circumstances specified by
> > > external conditions.
> >
> > > I'd also like a pony.  Have it on my desk by Monday.
> >
> > I actually did some work on this on the plane recently, re-using the
> > certificates that nodes already have to do arbitrary encryption and
> > decryption.
> >
> > It's not as seamless as I'd like, I've essentially subclassed the file
> > type, but it's giving me some ideas about how we might want to come up
> > with something more integrated.
> >
> > I'll polish it up and put it up on github next week when I get back from FOSDEM.
>
> Hi Nigel,
>
> I found this via a google search today.  I've come up with a few
> possible solutions, but I don't like them.  I was thinking of using
> the existing cert as well.
>
> Have you posted the code you came up with?


No, I'll spend some time tonight finding it. It ended up on another laptop
and bad Nigel didn't commit it to version control anywhere external, so it's
not as obvious as it should be... It's also very ghetto, so don't expect any
polish.

There were some limitations with the size of the text you could encrypt, so
I had to chunk. I think RI ran into the same issue a while ago.

Ideally we'd do this in a much more transparent manner.

If you care a lot about this, please put in a feature request with as much
detail as you can provide. The more the community registers interest in
features, the more likely it is that someone steps up and gets it done :)


-- 
Nigel Kersten
Product, Puppet Labs
@nigelkersten
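
The size limit and chunking mentioned in the message above, as an added example; it is not the code discussed in this thread. It assumes RSA-OAEP padding and a throwaway 2048-bit key standing in for a node's existing key pair, and the function names are hypothetical.

```ruby
require 'openssl'

# RSA-OAEP with SHA-1 (OpenSSL's default OAEP digest) uses 2*20 + 2 = 42
# bytes of every block for padding.
OAEP_OVERHEAD = 42
OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Largest plaintext, in bytes, that one RSA operation with this key accepts.
def max_chunk(key)
  key.n.num_bytes - OAEP_OVERHEAD
end

# Encrypt data of any length to the public key, one RSA block per chunk.
def encrypt_chunked(public_key, data)
  data = data.b
  size = max_chunk(public_key)
  (0...data.bytesize).step(size).map do |offset|
    public_key.public_encrypt(data.byteslice(offset, size), OAEP)
  end
end

# Decrypt the blocks in order with the private key and rejoin them.
def decrypt_chunked(private_key, blocks)
  blocks.map { |block| private_key.private_decrypt(block, OAEP) }.join
end

# True when a single RSA operation rejects the data as too large.
def too_large_for_one_block?(public_key, data)
  public_key.public_encrypt(data.b, OAEP)
  false
rescue OpenSSL::PKey::PKeyError
  true
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: throwaway key pair standing in for a node's key.
  node_key = OpenSSL::PKey::RSA.generate(2048)
  node_pub = node_key.public_key
  secret   = "db_password=" + ("s3cret-" * 60)   # constructed, 432 bytes

  puts "max bytes per block: #{max_chunk(node_pub)}"
  puts "single block rejected: #{too_large_for_one_block?(node_pub, secret)}"
  blocks = encrypt_chunked(node_pub, secret)
  puts "blocks: #{blocks.length}, round trip ok: #{decrypt_chunked(node_key, blocks) == secret}"
end
```

Each block is encrypted independently, so nothing in this scheme detects reordered or missing blocks. The usual alternative is to encrypt a random symmetric key under the RSA key and the data under that symmetric key with an authenticated cipher.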
