Chuck <cssc...@gmail.com> writes: > I wouldn't put any sensitive information in a fact, unless the only people > with access to PuppetDB and your Servers are admins who already have access > to this information. But even then I still wouldn't do it.
That's more or less the conclusion I arrived at, except I can't find any real reason not to trust the Puppet ecosystem with my facts. I mean, my servers and PuppetDB are secure (well, they should be, unless I screwed things up), inventory service is turned off on my dashboard, so I should be safe, shouldn't I? > At this time I would say the best route would be something like hiera. Except AFAIU Hiera doesn't allow me to generate values on the client node. The whole point of my fact-base approach is that I don't want to manage database passwords, they just have to be long-enough random strings. -- A -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/y9hzjpkfdw2.fsf%40licencieux.ircam.fr. For more options, visit https://groups.google.com/groups/opt_out.