Ask Your Question

How to keep database password secure?

asked 2013-09-14 17:05:03 -0600

spuder gravatar image

updated 2013-09-14 21:33:50 -0600

golja gravatar image

When you use the Mysql module, you can create a user like so:

mysql::db { 'mydb':
  user     => 'myuser',
  password => 'mypass',
  host     => 'localhost',
  grant    => ['all'],

However, the puppet manifest I have will eventually be pushed to an internal git server so other departments can use the manifest. How can I share the manifest, but not share the mysql passwords?

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted

answered 2013-09-14 21:32:52 -0600

golja gravatar image

updated 2013-09-14 21:34:37 -0600

This is the reason why Puppet Labs introduced hiera, so you could separate configuration data from modules.

This helps you disentangle site-specific data from Puppet code, for easier code re-use and easier management of data that needs to differ across your node population and at the same time you can freely push the code in public repositories, because all the sensitive data is kept in another file(s).

So for example if you have a working hiera on your puppet master you could have a config like like that:

mysql::db::user: myuser
mysql::db::password: pass
mysql::db::host ...
edit flag offensive delete link more



You can extend this even further by adding the GPG backend to hiera as well: then you store the passwords in a GPG file in ...(more)

asktbt gravatar imageasktbt ( 2013-09-16 02:18:09 -0600 )edit

answered 2013-09-22 05:57:34 -0600

Joseph Carlos gravatar image

updated 2013-09-22 05:57:57 -0600

If you happen to have a Kerberos authentication infrastructure, you can use wallet (see link text). This allows you to keep passwords out of any git repositories. You don't need heira for this.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools



Asked: 2013-09-14 17:05:03 -0600

Seen: 1,845 times

Last updated: Sep 22 '13