Hi Craig,
They are still stored unencrypted in the catalog, which is an issue for us. Security is a high priority in this case grts Johan -----Original message----- From: Craig Dunn <cr...@craigdunn.org> Sent: Thursday 10th March 2016 12:38 To: puppet-users@googlegroups.com Subject: Re: [Puppet Users] Pasword retrievel from external source on node On Thu, Mar 10, 2016 at 12:05 PM, Johan De Wit <jo...@open-future.be <mailto:jo...@open-future.be> > wrote: Hi, Anyone playing with the idea to manage passwords on the node by retrieving them from an externa source like cyberark ? The idea is to avoid storing passwords in some 'human readable' form in eg. hiera, manifests, catalogs, puppetdb ...... Main concern is security. Why can't you store them in hiera using hiera-eyaml?, which is what most people do - so they are stored inline with the rest of your configuration but are encrypted. If you want to go the extra mile you could use Vault, there is also a hiera-vault backend, though I've not got first hand experience of that. Craig -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com <mailto:puppet-users+unsubscr...@googlegroups.com> . To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CACxdKhF0Fk6yz%3D3Aw--VFA_DBJ1wGr0Mmfd14SezXUErn4XZNA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/zarafa.56e162ca.2418.53ee945d2e3ac275%40zarafa.open-future.be. For more options, visit https://groups.google.com/d/optout.
