Changes

ReleaseEngineering/PuppetAgain/Secrets

230 bytes removed, 20:03, 27 February 2014

→‎Using EYAML: remove mentions of bugs which have been fixed

== Using EYAML ==

~~(This is pending completion of bug 891853)~~

Secrets are accessed via hiera, using hiera-eyaml. That means that the secrets files are regular YAML files, but contain ciphertext enclosed by ENC[..] where secrets are protected. The public and private keys used for this encryption are stored on the puppetmasters themselves.

where 'foo' is the name of the variable to set. Then copy/paste whichever result format you prefer into `/etc/hiera/secrets.eyaml` or into your own `/etc/hiera/environments/<username>_secrets.eyaml`.

~~NOTE: This doesn't work right now - see {{bug|918070}}. Instead, use <tt>echo -n 'your password here' | eyaml -e -o block -n 'root_pw_hash!loaner'</tt>~~

To check the value of a secret, use 'hiera':

hiera -c /etc/puppet/hiera.yaml root_pw_saltedsha512

~~Once {{bug|918070}} is closed, you can omit the~~ The `-c`is optional.

== User Environments ==

Jhopkins

Confirm

1,018

edits

Changes

ReleaseEngineering/PuppetAgain/Secrets

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

How to Contribute

MozillaWiki

Around Mozilla

Tools