Change the way Puppet Enterprise reads credentials from the .fog file

asked 2015-02-04 17:23:09 -0500


By default, Puppet Enterprise reads the ~/.fog file to get the aws_access_key_id and aws_secret_access_key to access AWS EC2.

The credential information is stored in the .fog file in cleartext. For security reasons, I would like to make Puppet Enterprise obtain the credentials from another source instead of the .fog file (by calling some APIs, not just reading from another static file).

I found the source code Puppet uses to read from .fog in the file /opt/puppet/lib/ruby/gems/1.9.1/gems/fog-1.5.0/benchs/fog_vs.rb:

data = File.open(File.expand_path('~/.fog')).read
config = YAML.load(data)[:default]
fog = Fog::AWS::S3.new(
  :aws_access_key_id     => config[:aws_access_key_id],
  :aws_secret_access_key => config[:aws_secret_access_key]
)

I have changed it to the following:

data = File.open(File.expand_path('~/.fog')).read
config = YAML.load(data)[:default]
config[:aws_access_key_id] = "11111"
config[:aws_secret_access_key] = "22222"
fog = Fog::AWS::S3.new(
  :aws_access_key_id     => config[:aws_access_key_id],
  :aws_secret_access_key => config[:aws_secret_access_key]
)

But the change didn't take effect, even after I rebooted the machine.

My question is: was that because Puppet Enterprise is compiled from the source code? How do I make the change work?

Thanks in advance for your help.

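An added example, not part of the original post and not Puppet or fog code: one way to build the credential hash that the `Fog::AWS::S3.new` call in the question expects without reading a static file, taking the keys from an external helper command or from the standard AWS environment variables. The helper command, its path and its JSON output format are assumptions, as are the names `aws_credentials`, `fetch_from_helper` and `CredentialError`.

```ruby
require 'json'
require 'open3'

# Keys the Fog::AWS::S3.new call on this page expects.
REQUIRED_KEYS = [:aws_access_key_id, :aws_secret_access_key].freeze

class CredentialError < StandardError; end

# Run a helper command (hypothetical) that prints a JSON object holding the
# two keys on stdout. argv must be an Array of program plus arguments so
# that no shell parses it. Helper output never appears in error messages.
def fetch_from_helper(argv)
  raise CredentialError, 'helper must be [program, arg, ...]' unless argv.is_a?(Array) && argv.size > 1
  out, status = Open3.capture2(*argv)
  raise CredentialError, "helper exited with status #{status.exitstatus}" unless status.success?
  data = JSON.parse(out)
  raise CredentialError, 'helper output is not a JSON object' unless data.is_a?(Hash)
  data
rescue JSON::ParserError
  raise CredentialError, 'helper output is not valid JSON'
rescue SystemCallError => e
  raise CredentialError, "helper could not be run: #{e.class}"
end

# Resolve credentials from the helper if one is given, otherwise from the
# standard AWS environment variables. ~/.fog is never read.
def aws_credentials(helper = nil, env = ENV)
  raw = if helper
          fetch_from_helper(helper)
        else
          { 'aws_access_key_id'     => env['AWS_ACCESS_KEY_ID'],
            'aws_secret_access_key' => env['AWS_SECRET_ACCESS_KEY'] }
        end
  REQUIRED_KEYS.each_with_object({}) do |key, creds|
    value = raw[key.to_s]
    unless value.is_a?(String) && !value.strip.empty?
      raise CredentialError, "no value for #{key}"
    end
    creds[key] = value.strip
  end
end

# Usage with fog, as in the snippet on this page (helper path is hypothetical):
#   fog = Fog::AWS::S3.new(aws_credentials(['/usr/local/bin/get-aws-creds', '--json']))
```

The resolver fails closed: a missing key, a non-zero helper exit or unparsable output raises `CredentialError` instead of falling back to a cleartext file.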