On Thu, Aug 29, 2013 at 05:47:41PM -0400, Worker Bee wrote:
> I am having a bit of difficulty implementing hiera-gpg; particularly with
> accomplishing the decryption in my manifests. Can anyone either provide
> a simple example or point me to a good resource? I have searched a lot and
> am still struggling.
>
> Any help would be very appreciated!
>
> Thanks!
> Bee

You just need to have the hiera-gpg gem installed, make sure that gpg is listed in the backends array in hiera.yaml, then the puppet user needs to have the private key configured within its $HOME/.gnupg - where $HOME is usually /var/lib/puppet.

By default PGP keys are encrypted with a passphrase, which would need to be supplied and held in a running keyring for that user, so I was previously working around this by using a non-passphrase protected subkey.

I've now however moved away from hiera-gpg due to performance overhead on large catalogs and moved to a git post-commit hook that decrypts any .gpg files to .yaml within a dedicated hierarchy for decrypted files, using that same insecure private subkey.

Cheers,
-- 
Richard Clark
rich...@fohnet.co.uk
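
The post-commit approach described in the reply above, sketched as an added example; it is not part of the original message and is not Richard Clark's actual hook. The directory names `ENC_DIR` and `DEC_DIR`, the function names, and the layout (one `.gpg` file per `.yaml` file, hook run from the repository root by a user whose keyring holds the passphrase-less subkey) are assumptions.

```shell
#!/bin/sh
# Added example: post-commit hook that decrypts *.gpg hiera data to *.yaml.
# Both directories are assumed names; adjust to the real layout.
ENC_DIR="${ENC_DIR:-hieradata/encrypted}"               # hypothetical: *.gpg files in the repo
DEC_DIR="${DEC_DIR:-/etc/puppet/hieradata/decrypted}"   # hypothetical: hierarchy for decrypted files

# Map an encrypted file to its target, e.g. $ENC_DIR/prod/db.gpg -> $DEC_DIR/prod/db.yaml
decrypted_path() {
    rel=${1#"$ENC_DIR"/}
    printf '%s/%s.yaml\n' "$DEC_DIR" "${rel%.gpg}"
}

# Decrypt one file via a temp file so a failed run never leaves partial YAML behind.
decrypt_one() {
    out=$(decrypted_path "$1")
    mkdir -p "$(dirname "$out")"
    tmp="$out.tmp.$$"
    # --batch: never prompt; this only works with a key that has no passphrase
    if gpg --batch --quiet --yes --output "$tmp" --decrypt "$1"; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        echo "decrypt failed: $1" >&2
        return 1
    fi
}

# Decrypt every *.gpg under ENC_DIR; returns non-zero if any file failed.
decrypt_all() {
    umask 077          # plaintext secrets: readable by the owning user only
    failed=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        decrypt_one "$f" || failed=1
    done <<EOF
$(find "$ENC_DIR" -type f -name '*.gpg')
EOF
    return "$failed"
}

# Run only when installed as .git/hooks/post-commit
case "$0" in
    */post-commit) decrypt_all ;;
esac
```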