Open woky opened 3 years ago
I assume that this project is for editing EYAML while Puppet itself decrypts them so it's more of a request to change eyaml_lookup_key.rb
.
Is this something thats likely to be done at some point ? I'm seeing more modules expecting sensitive strings and TBH its a PITA having to add lookup_options for each piece of hieradata.
I am happy to review such a PR. Would you be interested in providing one?
I'm afraid it's probably beyond my skills to do so.
So I'm learning to use secrets and I stumbled upon https://blog.example42.com/2019/04/04/puppet_sensitive_data/ and https://puppet.com/blog/my-journey-securing-sensitive-data-puppet-code/. Both blogs get into error when they declare class parameter as
Sensitive[String] $foo
and receiveString
, and solve it by manually converting data types for each value that's deemed sensitive in YAML like this:Couldn't hiera-eyaml do it automatically for all encrypted types?
I guess to not break backward compatibility this would have to be an opt-in in
hiear.yaml
, e.g.: