Deploy secrets in a more secure way

[kaazoo]

Short Answer:

• separate business data from business logic. Business logic goes into puppet modules. Business data goes into Hiera (http://docs.puppetlabs.com/hiera/1/)
• now use an encrypted hiera backend for your passwords / private keys - https://github.com/crayfishx/hiera-gpg

Long Answer: http://www.craigdunn.org/2011/10/secret-variables-in-puppet-with-hiera-and-gpg/

[kaazoo]

The above article is a bit old. There is a newer implementation of encrypted Hiera YAML: https://github.com/TomPoulton/hiera-eyaml

[crux]

das erscheint mir ein wenig over complicated. traditionell ist immer das bester gewesen secrects GAR NICHT im automatisierten deployment zu haben. zum beispiel bei den rails apps, ein zugriff auf einen well known-place AUSSERHALB des deployment ordners. und diesen muss dann eben ein sysad, in der regel einmalig, einrichten,

m2c, dirk

On 14 April 2014 11:39, kaazoo notifications@github.com wrote:

The above article is a bit old. There is a newer implementation of encrypted Hiera YAML: https://github.com/TomPoulton/hiera-eyaml

Reply to this email directly or view it on GitHubhttps://github.com/hoccer/puppet-talk-production/issues/4#issuecomment-40348483 .