node_encrypt

Encrypts secrets in the catalog using the agent's certificate.

Version information

  • 2.0.0 (latest)
  • 1.0.0
  • 0.4.1
  • 0.4.0
  • 0.3.3
  • 0.3.2
  • 0.3.1
  • 0.3.0
  • 0.2.7
  • 0.2.6
  • 0.2.5
  • 0.2.4
  • 0.2.3
  • 0.2.2
  • 0.2.1 (deleted)
  • 0.2.0 (deleted)
  • 0.1.2
  • 0.1.1
  • 0.1.0
released Dec 13th 2015
This module has been deprecated by its author since Jun 23rd 2023.

The author has suggested puppetlabs-node_encrypt as its replacement.

Documentation

binford2k/node_encrypt — version 0.1.0 Dec 13th 2015

node_encrypt: over the wire encryption.

  1. Overview
  2. Usage

Overview

Do you wish your Puppet catalogs didn't contain plain text secrets? Are you tired of limiting access to your Puppet reports because of the passwords clearly visible in the change events?

This module will encrypt values for each node specifically, using their own certificates. This means that not only do you not have plain text secrets, but each node can decrypt only its own secrets.

What precisely does that mean? A resource that looks like this will never have the contents of the file in the catalog or in any reports.

node_encrypt::file { '/tmp/foo':
  owner   => 'root',
  group   => 'root',
  content => 'This string will never appear in the catalog.',
}

This also comes with a Puppet Face which can be used to generate the encrypted block ready for pasting into your manifest, and a Puppet function which can be used to programmatically generate the encrypted block.

Note: Because it requires access to each node's signed certificates, this is only useful on the CA node unless you distribute certificates or generate encrypted blocks on the CA using the puppet node encrypt face.
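The per-node property described above, as an added Ruby example that is not the module's own code. It assumes a PKCS#7 envelope addressed to the node's certificate (the page does not say which format the module uses), and the certnames, the secret and the self-signed certificates are constructed for the demonstration.

```ruby
require 'openssl'

# Constructed stand-in for an agent's key pair and signed certificate.
# Self-signed here; on a real CA node the certificate is the one the CA signed.
def make_node(certname)
  key  = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=#{certname}")
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = name
  cert.issuer     = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  { key: key, cert: cert }
end

# Needs only the recipient's public certificate, which is why the CA node
# (holding every signed certificate) can encrypt for any agent.
def encrypt_for(cert, plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-cbc')
  OpenSSL::PKCS7.encrypt([cert], plaintext, cipher, OpenSSL::PKCS7::BINARY).to_pem
end

# Needs the node's private key; returns nil when the envelope is not
# addressed to this node.
def decrypt_with(node, pem)
  OpenSSL::PKCS7.new(pem).decrypt(node[:key], node[:cert])
rescue OpenSSL::OpenSSLError
  nil
end

web  = make_node('web01.example.com') # hypothetical certnames
db   = make_node('db01.example.com')
blob = encrypt_for(web[:cert], 'hunter2') # constructed secret
puts blob.lines.first
puts "web01: #{decrypt_with(web, blob).inspect}"
puts "db01:  #{decrypt_with(db, blob).inspect}"
```

Only the PEM envelope would need to travel in a catalog or report; the plaintext is recoverable solely with the private key of the node it was addressed to.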

Usage

  • node_encrypt::file
    • This is a defined type that wraps a standard file resource, but allows you to encrypt the content in the catalog and reports.
  • puppet node encrypt
    • This is a Puppet Face that generates encrypted text on the command line.
    • puppet node encrypt -t testhost.example.com "encrypt some text"
  • node_encrypt()
    • This is a Puppet function used to programmatically generate encrypted text. It's used internally so you won't need to call it yourself when using the node_encrypt::file type.
    • This can be used to generate text to pass to other types if/when they add support for this module.

Disclaimer

I take no liability for the use of this module.

Contact

binford2k@gmail.com