Securely storing passwords and keys?
I'd like to use Puppet to distribute SSH keys for privileged users, and passwords for a number of configuration files that require them (i.e. database credentials, to be put in templated config files). We're currently using Puppet Enterprise 2.5, and open source 2.7 on some test clients. My main requirements are:
- This information should be versioned in git.
- It should be separate from our modules and manifests, so that modules/manifests can be seen by people without access to the secrets (effectively limited to those with root on the Puppet master).
- Distribution should be secure ...