[Puppet Users] Is "Sensitive" broken?

Wed, 09 Sep 2020 06:18:13 -0700 

Hi,

tried to use the "Sensitive" data type for the first time (with Puppet
6.18.0), but it doesn't work as expected (found and followed several
tutorials on the net, see links below), also using the "lookup_options"
method to ensure the Hiera-provided value is indeed converted to
sensitive.

Here's my sample code (Hiera files omitted):

class test (Sensitive $foo) {
  file {'/tmp/foo':
    content => "${foo}\n",
  }
}

When I run this, I get:

Notice: /Stage[main]/Test/File[/tmp/foo]/content: 
--- /tmp/foo    2020-09-09 07:53:40.166807782 +0200
+++ /tmp/puppet-file20200909-18841-zq93gr       2020-09-09
14:55:05.569695841 +0200
@@ -1 +1 @@
-bar
+Sensitive [value redacted]


Notice: /Stage[main]/Test/File[/tmp/foo]/content: content changed
'{md5}fc552...' to '{md5}48a07...'

and then the file indeed looks like this:

# cat /tmp/foo 
Sensitive [value redacted]

instead of containing the real value provided in Hiera.

Any ideas?

Thanks...

Dirk

https://blog.example42.com/2019/04/04/puppet_sensitive_data/
https://www.puppetcookbook.com/posts/hide-sensitive-values.html
https://puppet.com/blog/my-journey-securing-sensitive-data-puppet-code/
-- Dirk HeinrichsSenior Systems Engineer, Delivery PipelineOpenText ™ Discovery 
| RecommindPhone: +49 2226 15966 18Email: dheinric@opentext.comWebsite: 
www.recommind.deRecommind GmbH, Von-Liebig-Straße 1, 53359 
RheinbachVertretungsberechtigte Geschäftsführer Gordon Davies, Madhu
Ranganathan, Christian Waida, Registergericht Amtsgericht Bonn,
Registernummer HRB 10646This e-mail may contain confidential and/or privileged 
information. If
you are not the intended recipient (or have received this e-mail in
error) please notify the sender immediately and destroy this e-mail.
Any unauthorized copying, disclosure or distribution of the material in
this e-mail is strictly forbiddenDiese E-Mail enthält vertrauliche und/oder 
rechtlich geschützte
Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-
Mail irrtümlich erhalten haben, informieren Sie bitte sofort den
Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie
die unbefugte Weitergabe dieser Mail sind nicht gestattet.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/b8b44d0a3859790edae6d420ab256d629df227a1.camel%40opentext.com.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to