Hmm..it seems like a pretty basic use case is an accompanying gpg file for each level of a hierarchy, just to store things like passwords, or sensitive data. Minimizing the use of things like hiera's 3.x data bindings to gain speed in hiera-gpg lookups feels like throwing the baby out with the bathwater.
I wonder how difficult (read: secure) it would be to cache the data across calls. An md5sum could be used to determine whether the contents of a .gpg file have changed since the last lookup. Instead of decrypting each file for every call, hiera-gpg can do something like: - Calculate an md5sum of the .gpg files, and the data from these files stored in memory, redis, or wherever. - When asked for a variable, do an md5sum of the .gpg file and, if the values are the same, return the data from memory - If the hash values don't match, reload the data from the .gpg file. Seems like this would be slightly faster than having to fully decrypt the contents of each file for every parameter lookup. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
