Re: [Puppet Users] Re: hiera-eyaml - masterless puppet

2016-10-04 Thread Nathan Jones
hiera-eyaml-kms is a good solution that uses AWS KMS to manage encryption keys. EC2 instances can be provisioned with an IAM instance profile that grants access to the required keys.

Re: [Puppet Users] Re: hiera-eyaml - masterless puppet

2015-10-15 Thread Louis Mayorga
Wondering if Windows 2015.2 supports it. Of course, in a masterless setup.

On Wednesday, March 11, 2015 at 5:04:53 PM UTC-4, jeff Adams wrote:
> We're using a couple of techniques:
>
> We bake them into our system images, and for ad-hoc we have a Rundeck
> job that can push the keys onto a

Re: [Puppet Users] Re: hiera-eyaml - masterless puppet

2015-03-11 Thread Jeff Adams
We're using a couple of techniques: We bake them into our system images, and for ad-hoc we have a Rundeck job that can push the keys onto a host. Haven't had to rotate the keys yet, but I presume that we'd either use the ad-hoc technique, or re-spin the system image and re-deploy the hosts.

Re: [Puppet Users] Re: hiera-eyaml - masterless puppet

2015-03-11 Thread Heinz Kalkhoff
Jeff,

I realize you may not want to share the details, but can you share your strategy on management of the private keys in a masterless setup?

Thanks for the reply.

Heinz

On Wednesday, March 11, 2015 at 9:43:02 AM UTC-4, jeff Adams wrote:
> We're using eyaml in our masterless setup as well.

[Puppet Users] Re: hiera-eyaml - masterless puppet

2015-03-11 Thread Alessandro Franceschi
Sure you can, you have to pass the --hiera_config parameter to the puppet apply command (pointing to your hiera.yaml) and you will need the private key used to encrypt keys on every node (this is maybe the only issue with hiera-eyaml in masterless mode).

al

On Tuesday, March 10, 2015 at

Re: [Puppet Users] Re: hiera-eyaml - masterless puppet

2015-03-11 Thread Jeff Adams
We're using eyaml in our masterless setup as well. We've got our hiera.yaml in /etc/puppet, so we don't need to specify the --hiera_config with puppet apply. True that distributing the private key(s) was an interesting issue to solve.

- Jeff

On 03/11/2015 08:30 AM, Alessandro Franceschi