ReleaseEngineering/PuppetAgain/Secrets: Difference between revisions

no edit summary
No edit summary
Line 30: Line 30:
Secrets are accessed via hiera, using hiera-eyaml.  That means that the secrets files are regular YAML files, but contain ciphertext enclosed by ENC[..] where secrets are protected.  The public and private keys used for this encryption are stored on the puppetmasters themselves.
Secrets are accessed via hiera, using hiera-eyaml.  That means that the secrets files are regular YAML files, but contain ciphertext enclosed by ENC[..] where secrets are protected.  The public and private keys used for this encryption are stored on the puppetmasters themselves.


To encrypt a new *password*, as root on an [https://wiki.mozilla.org/ReleaseEngineering/Puppet#Masters authoritative puppetmaster], use:
To encrypt a new *password*, as root on any puppetmaster, use:


   eyaml encrypt --pkcs7-private-key /etc/hiera/keys/private_key.pem --pkcs7-public-key /etc/hiera/keys/public_key.pem \
   eyaml encrypt --pkcs7-private-key /etc/hiera/keys/private_key.pem --pkcs7-public-key /etc/hiera/keys/public_key.pem \
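
Review bot: the two versions of the sentence at line 30 disagree on where the command may be run ("an authoritative puppetmaster" versus "any puppetmaster"), while the unchanged paragraph above only says the keys are "stored on the puppetmasters themselves". State explicitly whether every master holds the same key pair, so the reader knows which hosts produce ciphertext that the others can decrypt. Separately, the unchanged eyaml encrypt line passes --pkcs7-private-key, although PKCS7 encryption uses only the public key; consider whether the instruction can be written with --pkcs7-public-key alone, so that encrypting a new password does not require reading private_key.pem as root.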