If using a different Vault auth method is an option, you could use the AppRole method and define a role and policies in Vault. The Puppet agent then authenticates under a specific role (and instance of that role) that is governed by the policy.
On Tuesday, October 9, 2018 at 8:12:39 AM UTC-4, comport3 wrote: > > Mentioned in the Puppet 6 release notes are the ability for a client to > lookup secret data from Vault. > > Is there any more info on how to implement this? > > I have done extensive work on POC environments that use Vault as a top > level in Hierarchy and mark the secrets as 'sensitive' so they do not > appear in logs and reports, but do not want to continue deploying this > methodology if it's not the way the technology is headed. > > https://github.com/comport3/puppet5-hiera-vault-poc > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/ea2b69c6-2050-468a-ab7a-ea6bdb2abee1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
