Hello,
- Puppet: node: 3.7.2-4 / puppet server: 2.7.2-1puppetlabs1 / puppetdb:
4.4.0-1puppetlabs1
- Distribution: Debian Jessie
- Module version: latest
I have some questions about the Sensitive() function:
I've *rewritten* my config to something like this:
class profile::grafana::base (
...
$grafana_database_password =
Sensitive(hiera('monitoring::grafana::database::password')),
...
)
{
...
$database_cfg = {
database => {
type => 'mysql',
host => "${database_server}:3306",
name => "$grafana_database",
user => "$grafana_database_user",
password => $grafana_database_password.unwrap,
}
}
....
The first question is: Is that correct ?
I found the password in cleartext in the PuppetDB, but I don't know, if I
have to clear the database first, to get rid all of the sensitive values,or
if PuppetDB removes the passwords automatically after some time.
The second question is: How looks like a plain hieradata line, to tell
Puppet it is a sensitive value ?
For Example:
icinga2::feature::idomysql::password:
"%{hiera('monitoring::icinga::mysql_password')}"
icinga2::feature::idomysql::database:
"%{hiera('monitoring::icinga::mysql_db')}"
The password itself is stored in hiera-eyaml but I don't want to find it in
the Puppetdb or logs.
Should I ask the module maintainer to support it, or is it possible to do
it on my own?
cu denny
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/e4896bec-0f88-4cf8-a7e7-14c49dc1c839%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
