Hi everyone,

In my environment, we heavily rely on Hiera to parametrize our modules. Like the Puppet code, I would like to version-control the Hiera .yaml files. However, committing passwords in plain text to GitHub seems really odd.

So I would like to make you aware of one of my side-projects called Raziel.

https://github.com/jbraeuer/raziel/
http://bit.ly/raziel-slides

While there is one approach (hiera-gpg), this renders most of the version-control features useless, as the whole file is encrypted. With Raziel, keys are selectively encrypted, so your .yaml file may read like

    ---
    mail.user: [email protected]
    mail.password: ENC(jA0EAwMCsYQ4Nyhcgx9gySZ1Z5HPMDbSxI9TL11UrSbIxApQNeZ+uMJqwkrTNwKgs4qkD5FDgA==)
    mail.server: smtp.googlemail.com

Encryption is based on GPG via ruby-gpgme. The values themselves are encrypted symmetrically. The symmetric key is encrypted with asymmetric crypto, which allows fine-grained control over attribute visibility.

Enjoy,
Jens
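Added example, not part of the original post and not Raziel's own code: a pre-commit style check that reports Hiera keys whose names look sensitive but whose values are not wrapped in the ENC(...) form shown above. The key-name pattern, the "/" path separator and the sample data are assumptions constructed for illustration.

```ruby
require 'yaml'

# Value format shown in the post: ENC(<base64 ciphertext>)
ENC_VALUE = %r{\AENC\([A-Za-z0-9+/=]+\)\z}
# Assumption: key names that must never hold plaintext; tune per site.
SENSITIVE_KEY = /(password|passwd|secret|token|private_key)/i

# Constructed sample; the ENC payload is a placeholder, not real ciphertext.
SAMPLE = <<~HIERA
  ---
  mail.user: user@example.com
  mail.password: ENC(Y29uc3RydWN0ZWQgc2FtcGxlIHZhbHVl)
  mail.server: smtp.example.com
  db:
    password: hunter2
  api.token: ENC()
HIERA

# Walk nested hashes and arrays, yielding [path, value] for every scalar leaf.
def each_leaf(node, path = [], &block)
  case node
  when Hash
    node.each { |k, v| each_leaf(v, path + [k.to_s], &block) }
  when Array
    node.each_with_index { |v, i| each_leaf(v, path + ["[#{i}]"], &block) }
  else
    yield path.join('/'), node
  end
end

# Return the paths of sensitive-looking keys whose value is not ENC(...).
# Empty wrappers such as ENC() and non-string values are reported too.
def plaintext_secrets(yaml_text)
  data = YAML.safe_load(yaml_text) || {}
  findings = []
  each_leaf(data) do |path, value|
    next unless path.match?(SENSITIVE_KEY)
    next if value.nil?
    next if value.is_a?(String) && value.strip.match?(ENC_VALUE)
    findings << path
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  # Scan the files given on the command line, or the sample if none are given.
  inputs = ARGV.empty? ? { 'sample' => SAMPLE } : ARGV.to_h { |f| [f, File.read(f)] }
  bad = inputs.flat_map { |name, text| plaintext_secrets(text).map { |p| "#{name}: #{p}" } }
  bad.each { |line| warn "plaintext secret: #{line}" }
  exit 1 if bad.any? && !ARGV.empty?
end
```

Run against the staged .yaml files from a Git pre-commit hook, a non-zero exit status blocks the commit.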
