Re: [Puppet Users] Encrypt Passwords in Manifests
Thanks Guys, will check these out next week
Jim
Sent from my iPhone
On 4 Apr 2013, at 06:34, Gabriel Filion lelu...@gmail.com wrote:
Hi there,
On 04/03/2013 09:18 AM, jim wrote:
I mainly use Puppet for managing windows hosts, and what to know they
best way to either encrypt passwords in manifests or where to store them
so they are encrypted and reference them as in a variable etc ? (if that
makes sense)
e.g.
class roles::base::users {
user { 'Administrator':
ensure = present,
password = 'Please_hide_me;01',
}
You might want to have a look at trocla which was developped for that
purpose:
https://github.com/duritong/trocla
with the puppet integration module:
https://github.com/duritong/puppet-trocla
--
Gabriel Filion
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
[Puppet Users] Encrypt Passwords in Manifests
Hello all
I mainly use Puppet for managing windows hosts, and what to know they best
way to either encrypt passwords in manifests or where to store them so they
are encrypted and reference them as in a variable etc ? (if that makes
sense)
e.g.
class roles::base::users {
user { 'Administrator':
ensure = present,
password = 'Please_hide_me;01',
}
regards
James
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Encrypt Passwords in Manifests
If you use hiera try Craig Dunn's
hiera-gpghttp://www.craigdunn.org/2011/10/secret-variables-in-puppet-with-hiera-and-gpg/
.
- Keith
On 3 April 2013 14:18, jim stra...@gmail.com wrote:
Hello all
I mainly use Puppet for managing windows hosts, and what to know they best
way to either encrypt passwords in manifests or where to store them so they
are encrypted and reference them as in a variable etc ? (if that makes
sense)
e.g.
class roles::base::users {
user { 'Administrator':
ensure = present,
password = 'Please_hide_me;01',
}
regards
James
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups
Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Encrypt Passwords in Manifests
Hello!
On 03.04.2013 17:18, jim wrote:
Hello all
I mainly use Puppet for managing windows hosts, and what to know they
best way to either encrypt passwords in manifests or where to store
them so they are encrypted and reference them as in a variable etc ?
(if that makes sense)
e.g.
class roles::base::users {
user { 'Administrator':
ensure = present,
password = 'Please_hide_me;01',
}
I'm using extlookup [1] mechanism to store global constants (such as
URL's or usernames) and passwords in CSV files on Puppet master. It
allows to specify set of files from which configuration should be read
and allows to store in version control system template file for
passwords and actual passwords store only on production server. Example
of extlookup usage you can find here: https://github.com/catlee/puppet
In site.pp they specify CSV files from which constants should be read [2]:
$extlookup_datadir = $settings::manifestdir/extlookup
$extlookup_precedence = [local-config, default-config, secrets,
secrets-template]
In version control system the store only template file for passwords [3]:
root_pw_hash,
root_pw_pbkdf2,
root_pw_pbkdf2_salt,
root_pw_pbkdf2_iterations,
...
Actual secrets file is secrets.csv, which is not in version control system.
[1] http://www.devco.net/archives/2009/08/31/complex_data_and_puppet.php
[2] https://github.com/catlee/puppet/blob/master/manifests/site.pp
[3]
https://github.com/catlee/puppet/blob/master/manifests/extlookup/secrets-template.csv
regards
James
--
You received this message because you are subscribed to the Google
Groups Puppet Users group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
--
Vladimir Rutsky
--
You received this message because you are subscribed to the Google Groups Puppet
Users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [Puppet Users] Encrypt Passwords in Manifests
Hi there,
On 04/03/2013 09:18 AM, jim wrote:
I mainly use Puppet for managing windows hosts, and what to know they
best way to either encrypt passwords in manifests or where to store them
so they are encrypted and reference them as in a variable etc ? (if that
makes sense)
e.g.
class roles::base::users {
user { 'Administrator':
ensure = present,
password = 'Please_hide_me;01',
}
You might want to have a look at trocla which was developped for that
purpose:
https://github.com/duritong/trocla
with the puppet integration module:
https://github.com/duritong/puppet-trocla
--
Gabriel Filion
signature.asc
Description: OpenPGP digital signature
