Chuck <cssc...@gmail.com> writes:

> I wouldn't put any sensitive information in a fact, unless the only people 
> with access to PuppetDB and your Servers are admins who already have access 
> to this information.  But even then I still wouldn't do it.

That's more or less the conclusion I arrived at, except I can't find any
real reason not to trust the Puppet ecosystem with my facts. I mean, my
servers and PuppetDB are secure (well, they should be, unless I screwed
things up), inventory service is turned off on my dashboard, so I should
be safe, shouldn't I?

> At this time I would say the best route would be something like hiera.

Except AFAIU Hiera doesn't allow me to generate values on the client
node. The whole point of my fact-base approach is that I don't want to
manage database passwords, they just have to be long-enough random
strings.

-- 
A

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/y9hzjpkfdw2.fsf%40licencieux.ircam.fr.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to