Hiera backend for pass password-store


Version information

  • 0.1.0 (latest)
released Sep 26th 2019
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
  • Puppet >= 4.10.0 < 7.0.0

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'camptocamp-hiera_pass', '0.1.0'

Add this module to your Bolt project:

bolt module add camptocamp-hiera_pass

Manually install this module globally with Puppet module tool:

puppet module install camptocamp-hiera_pass --version 0.1.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



camptocamp/hiera_pass — version 0.1.0 Sep 26th 2019

Hiera data_hash for pass repository

This Puppet module provides two Hiera backends to look up keys in pass GnuPG password repositories.



You need to install the ruby_gpg gem on your Puppet Master:

$ puppetserver gem install ruby_gpg

You also need a GnuPG key for your Puppet Master that is allowed to decipher the passwords in your pass store.


Example setup with both data_hash and lookup_key backends:

version: 5
defaults:
  datadir: data
  data_hash: yaml_data
hierarchy:
  - name: "Pass data_hash"
    datadir: "/home/foo/.password-store"
    data_hash: pass_data
    # Will return the value of key in YAML from $datadir/$::project/*.gpg
    glob: "%{::project}/*.gpg"
  - name: "Pass lookup_key"
    datadir: "/home/foo/.password-store"
    lookup_key: pass_lookup_key
    # Will return the YAML content of $datadir/$::project/$key.gpg if it exists
    path: "%{::project}"
  - name: "Common"
    path: common.yaml


The pass_data Hiera backend works just like the yaml_data backend, except it uses GnuPG-encrypted YAML data (following the pass standard).

The pass_lookup_key Hiera backend uses the key as the file name to look for and returns the YAML hash parsed at that location if the file exists.
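
A sketch of the two lookup behaviours described above, as an added example that is not the module's own code. GnuPG decryption is replaced by a plain file read so it runs offline; the function names, the sample store, the sorted glob order and the check that keeps a key-derived path inside the store directory are assumptions of this sketch, and `%{::project}` is taken as already interpolated to `shop`.

```ruby
require 'yaml'
require 'tmpdir'
require 'fileutils'

# Stand-in for GnuPG decryption (assumption): the real backends decrypt each
# .gpg file with the Puppet Master's key. Here the files hold plaintext YAML.
DECRYPT = ->(path) { File.read(path) }

# pass_data semantics: every file matching the glob is a YAML hash of keys.
# The first file that defines the key wins (sorted order is an assumption).
def pass_data_lookup(datadir, glob, key, decrypt: DECRYPT)
  Dir.glob(File.join(datadir, glob)).sort.each do |file|
    data = YAML.safe_load(decrypt.call(file)) || {}
    return data[key] if data.key?(key)
  end
  nil
end

# pass_lookup_key semantics: the key is the file name under datadir/path and
# the whole parsed YAML document is the value. nil means "not found here".
def pass_lookup_key(datadir, path, key, decrypt: DECRYPT)
  root = File.expand_path(File.join(datadir, path))
  file = File.expand_path("#{key}.gpg", root)
  # Added by this sketch: keep the key-derived path inside root.
  return nil unless file.start_with?(root + File::SEPARATOR)
  return nil unless File.file?(file)
  YAML.safe_load(decrypt.call(file))
end

# Constructed sample store for a project named "shop" (all values made up).
def demo
  Dir.mktmpdir do |store|
    FileUtils.mkdir_p(File.join(store, 'shop'))
    File.write(File.join(store, 'shop', 'db.gpg'), "user: app\npassword: s3cr3t\n")
    File.write(File.join(store, 'shop', 'api.gpg'), "token: abc123\n")
    File.write(File.join(store, 'outside.gpg'), "other: true\n")
    {
      from_glob: pass_data_lookup(store, 'shop/*.gpg', 'password'),
      hit: pass_lookup_key(store, 'shop', 'db'),
      miss: pass_lookup_key(store, 'shop', 'nope'),
      outside: pass_lookup_key(store, 'shop', '../outside')
    }
  end
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```
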