Re: [Puppet Users] Pasword retrievel from external source on node

2016-03-19 Thread Thomas Müller
Am Donnerstag, 10. März 2016 17:01:36 UTC+1 schrieb Craig Dunn: > > > > On Thu, Mar 10, 2016 at 3:09 PM, Thomas Müller > wrote: > >> I'm too interested in how people manage credentials without having it in >> the catalog. >> > > The problem as I see it is that there

Re: [Puppet Users] Pasword retrievel from external source on node

2016-03-10 Thread Trevor Vaughan
One of the main issues is ensuring that the sensitive contents of the catalog do not make their way back into PuppetDB, Foreman, etc I've been toying with the idea of adding a special, non-translated function to Puppet core that will provide direction for the agent itself to reach out to a

Re: [Puppet Users] Pasword retrievel from external source on node

2016-03-10 Thread Craig Dunn
On Thu, Mar 10, 2016 at 3:09 PM, Thomas Müller wrote: > I'm too interested in how people manage credentials without having it in > the catalog. > The problem as I see it is that there isn't a blanket approach. If you need a secret value in a template, that template is

RE: [Puppet Users] Pasword retrievel from external source on node

2016-03-10 Thread Thomas Müller
I'm too interested in how people manage credentials without having it in the catalog. Recently i stumbled upon a puppetlabs blogpost about conjur. There is also a video of a presentation at puppetconf 2015 about this. Managing credentials out of band ("out of puppet") seems like a good way to

RE: [Puppet Users] Pasword retrievel from external source on node

2016-03-10 Thread Johan De Wit
ubject: Re: [Puppet Users] Pasword retrievel from external source on node On Thu, Mar 10, 2016 at 12:05 PM, Johan De Wit <jo...@open-future.be <mailto:jo...@open-future.be> > wrote: Hi, Anyone playing with the idea to manage passwords on the node by retrieving them from an e

Re: [Puppet Users] Pasword retrievel from external source on node

2016-03-10 Thread Craig Dunn
On Thu, Mar 10, 2016 at 12:05 PM, Johan De Wit wrote: > Hi, > > Anyone playing with the idea to manage passwords on the node by retrieving > them from an externa source like cyberark ? > > The idea is to avoid storing passwords in some 'human readable' form in eg. >