On 07/08/2016 06:29 AM, dkoleary wrote: > Hey; > > I've come to the point where I need to encrypt a password in hiera data. > After trying (and failing) the recipe in the puppet cookbook, I hit the > google searches and very quickly came across hiera eyaml. > > So, short question: is hiera.eyaml the generally accepted method of > encrypting data for use in modules? > > Just trying to avoid going down the wrong path again... > > Thanks > > Doug O'Leary
Hiera eyaml works very well, particularly if paired with the GPG backend as you don't have to share a PKCS private key among all the entities that need to decrypt data. It's also really useful to use the GPG backend as this allows you to segment who can, and cannot decrypt certain data, allowing you to share your hiera tree across teams and use a single puppet role / profile design where just the data is environment specific. -Andy- -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/577FC2E3.5030608%40bardicgrove.org. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature
