Hello,
- Puppet: node: 3.7.2-4 / puppet server: 2.7.2-1puppetlabs1 / puppetdb: 4.4.0-1puppetlabs1 - Distribution: Debian Jessie - Module version: latest I have some questions about the Sensitive() function: I've *rewritten* my config to something like this: class profile::grafana::base ( ... $grafana_database_password = Sensitive(hiera('monitoring::grafana::database::password')), ... ) { ... $database_cfg = { database => { type => 'mysql', host => "${database_server}:3306", name => "$grafana_database", user => "$grafana_database_user", password => $grafana_database_password.unwrap, } } .... The first question is: Is that correct ? I found the password in cleartext in the PuppetDB, but I don't know, if I have to clear the database first, to get rid all of the sensitive values,or if PuppetDB removes the passwords automatically after some time. The second question is: How looks like a plain hieradata line, to tell Puppet it is a sensitive value ? For Example: icinga2::feature::idomysql::password: "%{hiera('monitoring::icinga::mysql_password')}" icinga2::feature::idomysql::database: "%{hiera('monitoring::icinga::mysql_db')}" The password itself is stored in hiera-eyaml but I don't want to find it in the Puppetdb or logs. Should I ask the module maintainer to support it, or is it possible to do it on my own? cu denny -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/e4896bec-0f88-4cf8-a7e7-14c49dc1c839%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.