Sure, but that doesn't really address the issue (at least not out-of-box). Hiera puts your data outside your manifests, but at least in our case it's still in revision control. Are you putting your Hiera data elsewhere? If so, how do you control access to it?
This came up recently for us as well so I've been poking around. I see there's a project for this sort of thing: https://github.com/duritong/trocla It looks interesting, but I haven't tried it. On Mon, Oct 3, 2011 at 3:03 PM, Bruno Leon <nonolem...@gmail.com> wrote: > Have a look at hiera. > > -- > Bruno > > > On 11-10-03 06:02 PM, Alan Evans wrote: > >> Puppet Uesrs, >> >> How do you deal with sensitive data in your puppet config that does >> not belong in revision control? Think about things like SSL keys or >> passwords. >> >> i.e. >> >> /etc/ldap.conf >> ... >> binddn cn=foo,dc=example,dc=com >> bindpw mysocratesnote >> ... >> >> As of now we store the bindpw as a variable then reference that in a >> template. But this means that bindpw exists in our node definitions >> since there are different pws for different groups of hosts. >> >> Regards, >> -Alan >> >> > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@** > googlegroups.com <puppet-users%2bunsubscr...@googlegroups.com>. > For more options, visit this group at http://groups.google.com/** > group/puppet-users?hl=en<http://groups.google.com/group/puppet-users?hl=en> > . > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
