Confirmed users
1,018
edits
ReleaseEngineering/PuppetAgain/Secrets: Difference between revisions
Jump to navigation
Jump to search
ReleaseEngineering/PuppetAgain/Secrets (view source)
Revision as of 20:03, 27 February 2014
, 27 February 2014→Using EYAML: remove mentions of bugs which have been fixed
(→Using EYAML: remove mentions of bugs which have been fixed) |
|||
| Line 27: | Line 27: | ||
== Using EYAML == | == Using EYAML == | ||
Secrets are accessed via hiera, using hiera-eyaml. That means that the secrets files are regular YAML files, but contain ciphertext enclosed by ENC[..] where secrets are protected. The public and private keys used for this encryption are stored on the puppetmasters themselves. | Secrets are accessed via hiera, using hiera-eyaml. That means that the secrets files are regular YAML files, but contain ciphertext enclosed by ENC[..] where secrets are protected. The public and private keys used for this encryption are stored on the puppetmasters themselves. | ||
| Line 37: | Line 36: | ||
where 'foo' is the name of the variable to set. Then copy/paste whichever result format you prefer into `/etc/hiera/secrets.eyaml` or into your own `/etc/hiera/environments/<username>_secrets.eyaml`. | where 'foo' is the name of the variable to set. Then copy/paste whichever result format you prefer into `/etc/hiera/secrets.eyaml` or into your own `/etc/hiera/environments/<username>_secrets.eyaml`. | ||
To check the value of a secret, use 'hiera': | To check the value of a secret, use 'hiera': | ||
| Line 44: | Line 41: | ||
hiera -c /etc/puppet/hiera.yaml root_pw_saltedsha512 | hiera -c /etc/puppet/hiera.yaml root_pw_saltedsha512 | ||
The `-c` is optional. | |||
== User Environments == | == User Environments == | ||