FAQ
Hello all

I mainly use Puppet for managing windows hosts, and what to know they best
way to either encrypt passwords in manifests or where to store them so they
are encrypted and reference them as in a variable etc ? (if that makes
sense)

e.g.

class roles::base::users {
user { 'Administrator':
ensure => present,
password => 'Please_hide_me;01',
}


regards

James

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

  • Keith Burdis at Apr 3, 2013 at 2:41 pm
    If you use hiera try Craig Dunn's
    hiera-gpg<http://www.craigdunn.org/2011/10/secret-variables-in-puppet-with-hiera-and-gpg/>
    .

    - Keith

    On 3 April 2013 14:18, jim wrote:

    Hello all

    I mainly use Puppet for managing windows hosts, and what to know they best
    way to either encrypt passwords in manifests or where to store them so they
    are encrypted and reference them as in a variable etc ? (if that makes
    sense)

    e.g.

    class roles::base::users {
    user { 'Administrator':
    ensure => present,
    password => 'Please_hide_me;01',
    }


    regards

    James

    --
    You received this message because you are subscribed to the Google Groups
    "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an
    email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Vladimir Rutsky at Apr 3, 2013 at 10:43 pm
    Hello!
    On 03.04.2013 17:18, jim wrote:
    Hello all

    I mainly use Puppet for managing windows hosts, and what to know they
    best way to either encrypt passwords in manifests or where to store
    them so they are encrypted and reference them as in a variable etc ?
    (if that makes sense)

    e.g.

    class roles::base::users {
    user { 'Administrator':
    ensure => present,
    password => 'Please_hide_me;01',
    }
    I'm using extlookup [1] mechanism to store global constants (such as
    URL's or usernames) and passwords in CSV files on Puppet master. It
    allows to specify set of files from which configuration should be read
    and allows to store in version control system template file for
    passwords and actual passwords store only on production server. Example
    of extlookup usage you can find here: https://github.com/catlee/puppet

    In site.pp they specify CSV files from which constants should be read [2]:

    $extlookup_datadir = "$settings::manifestdir/extlookup"
    $extlookup_precedence = ["local-config", "default-config", "secrets",
    "secrets-template"]

    In version control system the store only template file for passwords [3]:

    root_pw_hash,""
    root_pw_pbkdf2,""
    root_pw_pbkdf2_salt,""
    root_pw_pbkdf2_iterations,""
    ...

    Actual secrets file is secrets.csv, which is not in version control system.

    [1] http://www.devco.net/archives/2009/08/31/complex_data_and_puppet.php
    [2] https://github.com/catlee/puppet/blob/master/manifests/site.pp
    [3]
    https://github.com/catlee/puppet/blob/master/manifests/extlookup/secrets-template.csv
    regards

    James
    --
    You received this message because you are subscribed to the Google
    Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send
    an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.
    --
    Vladimir Rutsky

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Gabriel Filion at Apr 4, 2013 at 5:33 am
    Hi there,
    On 04/03/2013 09:18 AM, jim wrote:
    I mainly use Puppet for managing windows hosts, and what to know they
    best way to either encrypt passwords in manifests or where to store them
    so they are encrypted and reference them as in a variable etc ? (if that
    makes sense)

    e.g.

    class roles::base::users {
    user { 'Administrator':
    ensure => present,
    password => 'Please_hide_me;01',
    }
    You might want to have a look at trocla which was developped for that
    purpose:

    https://github.com/duritong/trocla

    with the puppet integration module:

    https://github.com/duritong/puppet-trocla

    --
    Gabriel Filion
  • James Matthews at Apr 4, 2013 at 6:13 pm
    Thanks Guys, will check these out next week

    Jim

    Sent from my iPhone
    On 4 Apr 2013, at 06:34, Gabriel Filion wrote:

    Hi there,
    On 04/03/2013 09:18 AM, jim wrote:
    I mainly use Puppet for managing windows hosts, and what to know they
    best way to either encrypt passwords in manifests or where to store them
    so they are encrypted and reference them as in a variable etc ? (if that
    makes sense)

    e.g.

    class roles::base::users {
    user { 'Administrator':
    ensure => present,
    password => 'Please_hide_me;01',
    }
    You might want to have a look at trocla which was developped for that
    purpose:

    https://github.com/duritong/trocla

    with the puppet integration module:

    https://github.com/duritong/puppet-trocla

    --
    Gabriel Filion
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedApr 3, '13 at 1:18p
activeApr 4, '13 at 6:13p
posts5
users4
websitepuppetlabs.com

People

Translate

site design / logo © 2022 Grokbase