hiera_pass

pdk
Hiera backend for pass password-store

Camptocamp

camptocamp

1,962 downloads

1,962 latest version

5.0 quality score

Version information

  • 0.1.0 (latest)
released Sep 26th 2019
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
  • Puppet >= 4.10.0 < 7.0.0
  • CentOS
    ,
    OracleLinux
    ,
    RedHat
    ,
    Scientific
    ,
    Debian
    ,
    Ubuntu
    ,
    windows
    ,
    Fedora
    ,
    SLES
    ,
    Darwin
    ,
    Solaris

Start using this module

Documentation

camptocamp/hiera_pass — version 0.1.0 Sep 26th 2019

Hiera data_hash for pass repository

This Puppet module provide two Hiera backends to look up keys in pass GnuPG password repositories.

Usage

Requirements

You need to install the ruby_gpg gem on your Puppet Master:

$ puppetserver gem install ruby_gpg

You also need to GnuPG key for your Puppet Master, allowed to decipher the passwords in your pass store.

Setup

Example set up with both data_hash and lookup_key backends:

---
version: 5
defaults:
  datadir: data
  data_hash: yaml_data
hierarchy:
  - name: "Pass data_hash"
    datadir: "/home/foo/.password-store"
    data_hash: pass_data
    # Will return the value of key in YAML from $datadir/$::project/*.gpg
    glob: "%{::project}/*.gpg"
  - name: "Pass lookup_key"
    datadir: "/home/foo/.password-store"
    lookup_key: pass_lookup_key
    # Will return the YAML content of $datadir/$::project/$key.gpg if it exists
    path: "%{::project}"
  - name: "Common"
    path: common.yaml

Usage

The pass_data Hiera backend works just like the yaml_data backend, except it uses GnuPG-encrypted YAML data (following the pass standard).

The pass_lookup_key Hiera backend uses the key as the file name to look for and returns the YAML hash parsed at that location if the file exists.