Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Handling sensitive information with Puppet

What is the best way to store and handle sensitive information with puppet and safely distribute it to your nodes?

The version I am using is 2.7.

One example would be database passwords. Plain text passwords are needed on your application servers.

How can one store these without leaving them lying around inside of the puppet scripts?

like image 496
stellard Avatar asked Jun 23 '12 17:06

stellard


People also ask

How can you protect your sensitive information?

How can I protect Sensitive Data? Encryption is the most effective way to protect your data from unauthorized access. Encryption can be defined as transforming the data into an alternative format that can only be read by a person with access to a decryption key.

Which of the following can be used to encrypt sensitive data in hiera?

The hiera-eyaml gem — a backend for Hiera — can protect your sensitive data on-disk and in your repository. It works by encrypting the sensitive data in plain text YAML files, without securing your entire code base.

How is sensitive data stored?

Any sensitive data stored on a portable or personable device should be password or passcode protected and securely encrypted. This includes data held on USBs, external hard drives, laptops, desktop computers, smart phones, tablets and external servers.


Video Answer


1 Answers

Using Hiera for external data lookups and encrypting that data via eyaml or GPG is a good start.

https://docs.puppet.com/hiera/

https://puppet.com/blog/encrypt-your-data-using-hiera-eyaml

http://leebriggs.co.uk/blog/2016/11/15/using-hiera-eyaml-gpg.html

like image 178
JKG Avatar answered Oct 01 '22 15:10

JKG