Hi; I have hiera.eyaml installed and functional from the CLI; however, when I attempt to use it in a module, the encrypted string is being used rather than the decrypted value.
I have to be missing something mind numbingly simple; but, I've been through the doc at https://github.com/TomPoulton/hiera-eyaml so many times it's starting to blur. Can someone tell me waht I messed up? >From the CLI: -bash-4.1$ cat nap1d030.yaml --- # mpintp::source: 'ntp.conf.dmz' # mpisyslog::el6::source: 'mpi-custom.conf' mpisshd::enabled: false mpiroot::pwd: > ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw DQYJKoZIhvcNAQEBBQAEggEAANy7eyKzeNLVeNqF3h4qM5pEw38G8yWJOezA SQ72MugY8FgwIWNsE2TmS3W2jBe1/zTAggd5p79RBubIdfL5DDPjjNTimzgV k0qppx3EefolMSzphfvVv5JOz8ue13OvpzFV/MM5qZLhOeUFAIUY3NM9RqHN PVM/woxhpnjMStlKXGakJYxLrf8ucMLh5WrW7JpN0jvjjVlVJjGsLaqygUsC alJ3zQkgxtaR0SCCgvvsJ2wYCs82fVnuFf6d0g4cPPCGnT3CtNFFffQMlwTt uEErGyKswxMPnKWybFNLYj+cVOhbLf946CMzCUcpWUIdHBnT3BcAi4qiryJF 6O91WzA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBA5QFyFpSmqqxUlAByZ qFWsgBDY6tjQ9Pbb4nRHCvkI29ve] -bash-4.1$ eyaml decrypt -f ./nap1d030.yaml [hiera-eyaml-core] Loaded config from /opt/puppetlabs/server/data/ puppetserver/.eyaml/config.yaml --- # mpintp::source: 'ntp.conf.dmz' # mpisyslog::el6::source: 'mpi-custom.conf' mpisshd::enabled: false mpiroot::pwd: snipped The test module just does a notify: class mpiroot ( $pwd, ) { notify { "Password: ${pwd}": } } And the run shows the encrypted string: $ sudo puppet agent -t Notice: Local environment: 'production' doesn't match server specified node environment 'dkoleary', switching agent to 'dkoleary'. Info: Retrieving pluginfacts Info: Retrieving plugin Info: Loading facts Info: Caching catalog for nap1d030.multiplan.com Info: Applying configuration version '1467996521' Notice: Password: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw DQYJKoZIhvcNAQEBBQAEggEAANy7eyKzeNLVeNqF3h4qM5pEw38G8yWJOezA SQ72MugY8FgwIWNsE2TmS3W2jBe1/zTAggd5p79RBubIdfL5DDPjjNTimzgV k0qppx3EefolMSzphfvVv5JOz8ue13OvpzFV/MM5qZLhOeUFAIUY3NM9RqHN PVM/woxhpnjMStlKXGakJYxLrf8ucMLh5WrW7JpN0jvjjVlVJjGsLaqygUsC alJ3zQkgxtaR0SCCgvvsJ2wYCs82fVnuFf6d0g4cPPCGnT3CtNFFffQMlwTt uEErGyKswxMPnKWybFNLYj+cVOhbLf946CMzCUcpWUIdHBnT3BcAi4qiryJF 6O91WzA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBA5QFyFpSmqqxUlAByZ qFWsgBDY6tjQ9Pbb4nRHCvkI29ve] [[snip]] The hiera.yaml file and keys: --- :backends: - yaml - eyaml :hierarchy: - "hosts/%{facts.hostname}" - "environments/%{facts.environment}" - "host_env/%{facts.env}" - "dc/%{facts.dc}" - "os/%{facts.operatingsystemmajrelease}" - common :yaml: :datadir: /etc/puppetlabs/code/hieradata :eyaml: :extension: 'yaml' :datadir: /etc/puppetlabs/code/hieradata :pkcs7_private_key: /etc/puppetlabs/secure/keys/private_key.pkcs7.pem :pkcs7_public_key: /etc/puppetlabs/secure/keys/public_key.pkcs7.pem -bash-4.1$ ls -ld /etc/puppetlabs/secure/keys/{public,private}_key*.pem -r--------. 1 puppet puppet 1675 Jul 8 11:28 /etc/puppetlabs/secure/keys/ private_key.pkcs7.pem -r--------. 1 puppet puppet 1050 Jul 8 11:28 /etc/puppetlabs/secure/keys/ public_key.pkcs7.pem Any hints/tips, etc gratefully accepted. Thanks Doug -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/c3785f68-7f17-404d-850a-e8a37f2a4380%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.