Recommended way for storing secrets for masterless/serverless puppet

asked 2015-10-12 06:53:12 -0600

merritt

updated 2015-10-12 11:33:01 -0600

Hi All

What is the recommended way for storing secrets with a puppet serverless environment?

  • The serverless environments run puppet apply without root access.
  • I have a local copy of our hiera repository on each server.

Typically I would have used the eyaml extension, but this requires me to keep the private/public key on each server, and it needs to be accessible by all the users who could run puppet-apply to decrypt it. The only advantage of this method is that the secrets would not be available to those who have access to the hiera git repository. Apart from that, I may as well just store the secrets in plain text.

Any suggestions on how to securely store secrets in the above mentioned environment would be greatly appreciated.

Kind Regards

1 Answer

answered 2015-10-13 05:43:52 -0600

Worth storing the data centrally using puppetdb? Realise that's probably a no as you want a serverless environment, but other than storing the eyaml keys locally on each node I can't think of how to do this.

You could make the keys only available to the puppet user locally?

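One way to verify the suggestion in the answer above (keys readable only by a dedicated local account), as an added example that is not part of the original thread. It assumes GNU `stat` and hiera-eyaml's default private key file name; the key directory and the expected numeric uid are supplied by the caller, and the demo uses a constructed throwaway directory.

```shell
#!/bin/sh
# Added example, not from the thread: verify that the eyaml private key and its
# directory belong to one dedicated account and grant nothing to group/other.
# Assumptions: GNU stat; hiera-eyaml's default private key file name; the key
# directory and the expected numeric uid are supplied by the caller.

audit_eyaml_keys() {
    key_dir=$1; want_uid=$2; rc=0
    priv="$key_dir/private_key.pkcs7.pem"
    [ -f "$priv" ] || { echo "MISSING: $priv"; return 2; }

    for path in "$key_dir" "$priv"; do
        mode=$(stat -L -c '%a' "$path")
        uid=$(stat -L -c '%u' "$path")
        if [ "$uid" != "$want_uid" ]; then
            echo "FAIL: $path owned by uid $uid, expected $want_uid"; rc=1
        fi
        # Any group/other bit lets accounts besides the owner reach the key.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "FAIL: $path mode $mode grants group/other access"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: $key_dir restricted to uid $want_uid"
    return "$rc"
}

# Constructed demo: throwaway directory with an empty placeholder, not a real key.
demo() {
    tmp=$(mktemp -d) && mkdir "$tmp/keys" && : > "$tmp/keys/private_key.pkcs7.pem"
    chmod 755 "$tmp/keys"; chmod 644 "$tmp/keys/private_key.pkcs7.pem"
    audit_eyaml_keys "$tmp/keys" "$(id -u)" || echo "audit status: $?"
    chmod 700 "$tmp/keys"; chmod 600 "$tmp/keys/private_key.pkcs7.pem"
    audit_eyaml_keys "$tmp/keys" "$(id -u)" || echo "audit status: $?"
    rm -rf "$tmp"
}
demo
```

On a node, the second argument would be the uid of the dedicated account, for example `audit_eyaml_keys /path/to/keys "$(id -u puppet)"`, where the path and the account name are placeholders.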


Seen: 342 times

Last updated: Oct 13 '15