[Puppet Users] Re: Puppet 6 client lookup secret from Hashicorp Vault

2019-02-01 Thread Chadwick Banning
If using a different Vault auth method is an option, you could use the AppRole method and define a role and policies in Vault. The Puppet agent then authenticates under a specific role (and instance of that role) that is governed by the policy. On Tuesday, October 9, 2018 at 8:12:39 AM UTC-4,

[Puppet Users] Re: Puppet 6 client lookup secret from Hashicorp Vault

2019-01-31 Thread comport3
We've made some more progress integrating Puppet 6+ Deferred lookups with Vault for secrets storage. The basic principle we've used for the isolation is to upload and sync a Puppet TLS certificate per host, and look up the relevant keys under there for the secret storage. ``` vault write

Re: [Puppet Users] Re: Puppet 6 client lookup secret from Hashicorp Vault

2019-01-11 Thread Peter M Souter
Hi All! I've been working on a Vagrant repo that sets everything up: https://github.com/petems/puppet-vault-function-vagrant > #export VAULT_SKIP_VERIFY=true This one you can avoid by pointing to the puppet CA cert with VAULT_CACERT, means you're avoiding the cert skipping. > Our next

Re: [Puppet Users] Re: Puppet 6 client lookup secret from Hashicorp Vault

2019-01-10 Thread comport3
We now have Vault lookups working using the Deferred functionality that debuted in Puppet 6.x. Here are my high-level notes on "how", hoping they help someone else in the future (lots of assumptions, but if you have questions please reach out...) #export VAULT_SKIP_VERIFY=true #mkdir
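As an added example (not code from the thread, from the Vagrant repo, or from the vault_lookup module), here is the exchange the two posts above describe: a client authenticating to Vault's TLS certificate auth method with its Puppet agent certificate, verifying Vault's server certificate against VAULT_CACERT instead of setting VAULT_SKIP_VERIFY, and then reading a KV v2 secret from a subtree reserved for that host. The mount paths (auth/cert, secret/data/puppet/<certname>/<key>), the vault.example.com address, the Puppet ssldir layout and the per-host policy shape are assumptions; FakeTransport is a constructed stand-in for Vault so the block runs offline.

```python
"""Puppet-agent-style Vault lookup: TLS cert auth, then a per-host KV v2 read.

Assumptions (hypothetical, not from the thread): Vault's cert auth method is
mounted at auth/cert and trusts the Puppet CA; secrets live in KV v2 under
secret/data/puppet/<certname>/<key>; each host's policy covers only its subtree.
"""
import json
import os
import ssl
import http.client
from urllib.parse import urlparse


class VaultError(Exception):
    """Any non-success response from Vault that is not a policy or lookup miss."""


def host_policy(certname):
    """HCL policy granting one host read access to its own KV v2 subtree only."""
    return (
        f'path "secret/data/puppet/{certname}/*" {{\n'
        f'  capabilities = ["read"]\n'
        f'}}\n'
    )


def secret_path(certname, key):
    """Build the API path, refusing components that could escape the host's subtree."""
    for part in (certname, key):
        if not part or "/" in part or part in (".", ".."):
            raise ValueError(f"unsafe path component: {part!r}")
    return f"/v1/secret/data/puppet/{certname}/{key}"


class HttpsTransport:
    """Real transport: HTTPS with server verification against a chosen CA and a client cert."""

    def __init__(self, vault_addr, ca_cert, client_cert, client_key):
        u = urlparse(vault_addr)
        self.host, self.port = u.hostname, u.port or 8200
        # Pin trust to the given CA bundle (what VAULT_CACERT does); hostname
        # checking and CERT_REQUIRED are the defaults, so nothing is skipped.
        self.ctx = ssl.create_default_context(cafile=ca_cert)
        self.ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)

    def request(self, method, path, body=None, headers=None):
        conn = http.client.HTTPSConnection(self.host, self.port, context=self.ctx)
        data = json.dumps(body).encode() if body is not None else None
        conn.request(method, path, body=data, headers=headers or {})
        resp = conn.getresponse()
        raw = resp.read()
        conn.close()
        return resp.status, (json.loads(raw) if raw else {})


def puppet_transport(certname, vault_addr=None, ssldir="/etc/puppetlabs/puppet/ssl"):
    """Transport built from the agent's Puppet SSL files; address and ssldir are assumptions."""
    addr = vault_addr or os.environ.get("VAULT_ADDR", "https://vault.example.com:8200")
    ca = os.environ.get("VAULT_CACERT", f"{ssldir}/certs/ca.pem")
    return HttpsTransport(addr, ca, f"{ssldir}/certs/{certname}.pem",
                          f"{ssldir}/private_keys/{certname}.pem")


class FakeTransport:
    """Constructed stand-in for Vault bound to one host identity (the role the TLS
    client certificate plays in real cert auth); enforces the per-host policy."""

    def __init__(self, certname, secrets, token="s.constructed-token"):
        self.certname, self.secrets, self.token = certname, secrets, token  # secrets: {api_path: {k: v}}

    def request(self, method, path, body=None, headers=None):
        if method == "POST" and path == "/v1/auth/cert/login":
            return 200, {"auth": {"client_token": self.token}}
        if (headers or {}).get("X-Vault-Token") != self.token:
            return 403, {"errors": ["permission denied"]}
        if not path.startswith(f"/v1/secret/data/puppet/{self.certname}/"):
            return 403, {"errors": ["permission denied"]}  # outside this host's policy
        if path in self.secrets:
            return 200, {"data": {"data": self.secrets[path]}}
        return 404, {"errors": []}


def cert_login(transport, role=None):
    """POST to the cert auth login endpoint; identity comes from the TLS client cert."""
    body = {"name": role} if role else {}
    status, resp = transport.request("POST", "/v1/auth/cert/login", body)
    if status != 200:
        raise VaultError(f"cert login failed: {status} {resp.get('errors')}")
    return resp["auth"]["client_token"]


def read_secret(transport, token, certname, key):
    """GET a KV v2 secret; distinguish policy denial from a missing key."""
    status, resp = transport.request("GET", secret_path(certname, key),
                                     headers={"X-Vault-Token": token})
    if status == 403:
        raise PermissionError(f"policy denies {certname} access to {key}")
    if status == 404:
        raise KeyError(key)
    if status != 200:
        raise VaultError(f"read failed: {status} {resp.get('errors')}")
    return resp["data"]["data"]


def lookup(certname, key, transport):
    """The full client-side exchange: log in with the cert, then read one secret."""
    return read_secret(transport, cert_login(transport), certname, key)


if __name__ == "__main__":
    # Constructed sample data; swap FakeTransport for puppet_transport(certname) on a real host.
    store = {"/v1/secret/data/puppet/web01.example.com/db": {"password": "constructed"}}
    print(lookup("web01.example.com", "db", FakeTransport("web01.example.com", store)))
```

The point of the fake is the 403 branch: a token issued for one host's certificate cannot read another host's subtree, which is the isolation the per-host certificate scheme is meant to provide, and the client distinguishes that denial from a simple missing key.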

Re: [Puppet Users] Re: Puppet 6 client lookup secret from Hashicorp Vault

2018-11-04 Thread comport3
Hi Lindsay and Thomas, Thanks for your documentation - I'm having some problems getting the client lookup to work. I have the Puppetserver CA set up in Vault, and the Vault server's Puppet certificate and private key configured. I have added the Puppetserver CA to the trusted roots, per:

Re: [Puppet Users] Re: Puppet 6 client lookup secret from Hashicorp Vault

2018-10-12 Thread Lindsey Smith
On Wed, Oct 10, 2018 at 5:28 AM Thomas Müller wrote: > > > On Tuesday, 9 October 2018 14:12:39 UTC+2, comport3 wrote: >> >> Mentioned in the Puppet 6 release notes is the ability for a client to >> look up secret data from Vault. >> >> Is there any more info on how to implement this? >> >> I

[Puppet Users] Re: Puppet 6 client lookup secret from Hashicorp Vault

2018-10-10 Thread Thomas Müller
On Tuesday, 9 October 2018 14:12:39 UTC+2, comport3 wrote: > > Mentioned in the Puppet 6 release notes is the ability for a client to > look up secret data from Vault. > > Is there any more info on how to implement this? > > I have done extensive work on POC environments that use Vault as a