hiera-gpg backend does not work on PE 3.0.1
I'm trying to implement hiera-gpg on PE3.0.1, but the PM cannot decrypt the contents. I'm following craig's writeup here: http://www.craigdunn.org/2011/10/secret-variables-in-puppet-with-hiera-and-gpg/
pe-httpd is running as user pe-apache, so if that user can decrypt my files I should be ok right? When I run Hiera as pe-apache from cli with sudo, it can decrypt the data.
sudo -u pe-apache gpg --homedir=/etc/puppetlabs/gpg -d [path]/common.gpg
Puppet cannot. How can I debug this further?
The PM has this in the log:
hiera(): [gpg_backend]: No usable keys found in ...