0

How to keep database password secure?

asked 2013-09-14 17:05:03 -0500

spuder

updated 2013-09-14 21:33:50 -0500

golja

When you use the MySQL module, you can create a user like so:

mysql::db { 'mydb':
  user     => 'myuser',
  password => 'mypass',
  host     => 'localhost',
  grant    => ['all'],
}

However, the puppet manifest I have will eventually be pushed to an internal git server so other departments can use the manifest. How can I share the manifest, but not share the mysql passwords?


2 Answers

1

answered 2013-09-14 21:32:52 -0500

golja

updated 2013-09-14 21:34:37 -0500

This is the reason why Puppet Labs introduced hiera, so you could separate configuration data from modules.

This helps you disentangle site-specific data from Puppet code, for easier code re-use and easier management of data that needs to differ across your node population and at the same time you can freely push the code in public repositories, because all the sensitive data is kept in another file(s).

So, for example, if you have a working hiera on your puppet master, you could have a config like this:

---
mysql::db::user: myuser
mysql::db::password: pass
mysql::db::host ...

Comments

1

You can extend this even further by adding the GPG backend to hiera as well: https://github.com/crayfishx/hiera-gpg then you store the passwords in a GPG file in ...

asktbt ( 2013-09-16 02:18:09 -0500 )
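
The Hiera separation described in the answer above, applied to the manifest from the question, as an added example that is not part of the original posts. The key names `mydb_user` and `mydb_password`, the `secrets` hierarchy level and the datadir path are assumptions chosen for illustration.

```puppet
# Added example. Key names, the 'secrets' level and the datadir are assumptions.
#
# /etc/puppet/hiera.yaml  (Hiera 1 format; holds no secrets, safe to share)
#   ---
#   :backends:
#     - yaml
#   :hierarchy:
#     - secrets
#     - common
#   :yaml:
#     :datadir: /etc/puppet/hieradata
#
# /etc/puppet/hieradata/secrets.yaml
# (exists only on the master, readable only by the master's service user,
#  and excluded from the git repository, e.g. via .gitignore)
#   ---
#   mydb_user: myuser
#   mydb_password: <placeholder, set per site>
#
# Before: the literal password is committed together with the manifest.
#   mysql::db { 'mydb':
#     user     => 'myuser',
#     password => 'mypass',
#     host     => 'localhost',
#     grant    => ['all'],
#   }

# After: the manifest carries only lookup keys, so it can be pushed as-is.
# hiera() is called without a default, so compilation fails loudly if the
# data file or key is missing instead of creating a user with an empty password.
$mydb_user     = hiera('mydb_user')
$mydb_password = hiera('mydb_password')

mysql::db { 'mydb':
  user     => $mydb_user,
  password => $mydb_password,
  host     => 'localhost',
  grant    => ['all'],
}
```

The lookup is explicit because `mysql::db` is a defined type, and automatic Hiera parameter lookup applies to class parameters only. The value still reaches the node in its compiled catalog, so this keeps the password out of git, not off the managed host.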
1

answered 2013-09-22 05:57:34 -0500

Joseph Carlos

updated 2013-09-22 05:57:57 -0500

If you happen to have a Kerberos authentication infrastructure, you can use wallet (see link text). This allows you to keep passwords out of any git repositories. You don't need hiera for this.

