What is the best way to store and handle sensitive information with Puppet and safely distribute it to your nodes?
The version I am using is 2.7.
One example would be database passwords. Plain text passwords are needed on your application servers.
How can one store these without leaving them lying around inside of the Puppet scripts?
How can I protect Sensitive Data? Encryption is the most effective way to protect your data from unauthorized access. Encryption can be defined as transforming the data into an alternative format that can only be read by a person with access to a decryption key.
The hiera-eyaml gem — a backend for Hiera — can protect your sensitive data on-disk and in your repository. It works by encrypting the sensitive data in plain text YAML files, without securing your entire code base.
Any sensitive data stored on a portable or personal device should be password or passcode protected and securely encrypted. This includes data held on USBs, external hard drives, laptops, desktop computers, smart phones, tablets and external servers.
Using Hiera for external data lookups and encrypting that data via eyaml or GPG is a good start.
https://docs.puppet.com/hiera/
https://puppet.com/blog/encrypt-your-data-using-hiera-eyaml
http://leebriggs.co.uk/blog/2016/11/15/using-hiera-eyaml-gpg.html
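
A repository check that complements the eyaml approach above, written as an added example (not code from the original answer or from the hiera-eyaml project): it walks Hiera YAML data and reports sensitive-looking keys whose values are not wrapped in eyaml's `ENC[...]` form. The key-name pattern, the sample data and the script name are assumptions made for this example.

```ruby
require 'yaml'

# Key names treated as sensitive (an assumption of this example; extend as needed).
SENSITIVE_KEY = /password|passwd|secret|token|private_key/i
# hiera-eyaml writes encrypted values as ENC[<method>,<base64>], e.g. ENC[PKCS7,...].
ENCRYPTED = /\AENC\[(PKCS7|GPG),[A-Za-z0-9+\/=\s]+\]\z/

# Return the paths of sensitive keys whose values are not eyaml-encrypted.
# A key marks everything nested beneath it as sensitive.
def plaintext_secrets(node, path = [], sensitive = false)
  case node
  when Hash
    node.flat_map do |key, value|
      plaintext_secrets(value, path + [key.to_s],
                        sensitive || key.to_s.match?(SENSITIVE_KEY))
    end
  when Array
    node.each_with_index.flat_map do |value, i|
      plaintext_secrets(value, path + [i.to_s], sensitive)
    end
  else
    return [] if !sensitive || node.nil?
    node.to_s.strip.match?(ENCRYPTED) ? [] : [path.join('.')]
  end
end

# Constructed sample Hiera data (not from the original page); the
# base64 payloads are placeholders, not real ciphertext.
SAMPLE = <<~YAML
  ---
  mysql::server::root_password: ENC[PKCS7,Q09OU1RSVUNURUQ=]
  app::db:
    host: db01.example.com
    password: hunter2
  app::api_tokens:
    - ENC[PKCS7,Q09OU1RSVUNURUQ=]
    - not-encrypted
YAML

# Usage (hypothetical script name): ruby check_hiera_secrets.rb hieradata/*.yaml
# Exits 1 if any file holds a plain-text secret; does nothing without arguments.
failed = false
ARGV.each do |file|
  plaintext_secrets(YAML.safe_load(File.read(file))).each do |key|
    warn "#{file}: #{key} is stored in plain text"
    failed = true
  end
end
exit 1 if failed
```

Run from a pre-commit hook or CI job, this keeps a plain-text password from reaching the repository even after eyaml is in place.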