Hi, this does look potentially helpful. Thanks for sharing!
On 06/24/2013 03:26 PM, Jens Braeuer wrote: > Hi everyone, > > In my environment, we heavily rely on Hiera to parametrize our modules. > Like the Puppet code, I would like to version-control the Hiera .yaml > files. However committing passwords in plain text to GitHub seems really > odd. > > So I would like to make you aware of one of my side-projects called Raziel. > https://github.com/jbraeuer/raziel/ > http://bit.ly/raziel-slides > > While there is one approach (hiera-gpg), this renders most of the > version-control features useless, as the whole file is encrypted. With > Raziel, keys are selectively encrypted, so your .yaml file may read like > > --- > mail.user: [email protected] > mail.password: > ENC(jA0EAwMCsYQ4Nyhcgx9gySZ1Z5HPMDbSxI9TL11UrSbIxApQNeZ+uMJqwkrTNwKgs4qkD5FDgA==) > mail.server: smtp.googlemail.com > > Encryption is based on GPG via ruby-gpgme. The values itself are > encrypted symmetric. The symmetric key is encrypted with asymmetric > crypto, which allows fine grained control over attribute visibility. > > Enjoy, > Jens > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
