Changes


ReleaseEngineering/PuppetAgain/Secrets

496 bytes added, 17:02, 5 October 2016
Move checks in their own section. Added a help subsection related to secret() and non-decrypted values
--output examples --password -l 'foo'
where 'foo' is the name of the variable to set. It will prompt for the password to encrypt. The output will go to stdout, in 2 formats (all one line, multiline). Copy/paste whichever result format you prefer into `/etc/hiera/secrets.eyaml` or into your own `/etc/hiera/environments/<username>_secrets.eyaml`.
=== Encrypt files (e.g. private keys) ===
and update `/etc/hiera/secrets.eyaml` accordingly as per instructions above.
 
=== Check your YAML files ===
 
==== YAML Syntax ====
Double-check your work before saving -- if this file can't be parsed as valid YAML, all puppet runs will fail. A Python one-line syntax checker is:
 
 python -c "import yaml; f=open('secrets.eyaml','r'); yaml.safe_load(f)" && echo "pass" || echo "FAIL"
When in doubt, run `eyaml --help` or `eyaml encrypt --help`.
==== Secret values ====
To check the value of a secret, use 'hiera':
 hiera root_pw_saltedsha512 environment='<username>'
 
==== Help! secret() does not interpret my secret ====
 
Sometimes, secret() (or function_secret()) may return the raw value, instead of the decrypted one. This is very likely because of a bad copy and paste. In order to verify this, run the hiera command detailed in the section above. If the non-decrypted value is still returned, paste the encrypted value again. Some characters (like the closing ]) may be missing.
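One way to catch a damaged paste before puppet runs, as an added example that is not part of the original wiki page: it walks the parsed YAML and flags any value that starts with ENC[ but is not a complete ENC[PKCS7,<base64>] block. The function names, the sample keys other than root_pw_saltedsha512, and the assumption that each secret value is a single ENC block are this example's own.

```python
import base64
import binascii
import re
import sys

# Shape written by hiera-eyaml: ENC[PKCS7,<base64>]; the block format wraps the base64.
ENC_RE = re.compile(r"ENC\[PKCS7,([A-Za-z0-9+/=\s]+)\]")
# Constructed sample (not real secrets): the dict yaml.safe_load() would return.
SAMPLE = {
    "root_pw_saltedsha512": "ENC[PKCS7,QUJDREVGR0g=]",
    "folded_block": "ENC[PKCS7,QUJD REVG R0g=]\n",   # hypothetical key
    "bad_paste": "ENC[PKCS7,QUJDREVGR0g=",           # hypothetical key, ] lost
}

def check_value(value):
    """Return None for a complete ENC[...] block, else a reason string."""
    text = value.strip()
    if not text.endswith("]"):
        return "missing closing ]"
    match = ENC_RE.fullmatch(text)
    if match is None:
        return "not of the form ENC[PKCS7,<base64>]"
    try:
        base64.b64decode("".join(match.group(1).split()), validate=True)
    except binascii.Error:
        return "payload is not valid base64 (truncated paste?)"
    return None

def find_bad_secrets(data, path=""):
    """Walk parsed YAML; return [(key path, reason)] for damaged ENC values."""
    problems = []
    if isinstance(data, dict):
        for key, val in data.items():
            problems += find_bad_secrets(val, f"{path}.{key}" if path else str(key))
    elif isinstance(data, list):
        for i, val in enumerate(data):
            problems += find_bad_secrets(val, f"{path}[{i}]")
    elif isinstance(data, str) and data.lstrip().startswith("ENC["):
        reason = check_value(data)
        if reason:
            problems.append((path, reason))
    return problems

if __name__ == "__main__":
    import yaml  # PyYAML, as used by the one-line syntax checker
    with open(sys.argv[1]) as f:
        bad = find_bad_secrets(yaml.safe_load(f))
    print("\n".join(f"{k}: {r}" for k, r in bad) or "pass")
    sys.exit(1 if bad else 0)
```

Run it with the path to the eyaml file as its only argument; it only checks the shape of each value and never decrypts anything, so it needs no keys.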
== User Environments ==