Forge Home

hiera_pass

Hiera backend for pass password-store

2,826 downloads

2,826 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.1.0 (latest)
released Sep 26th 2019
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
  • Puppet >= 4.10.0 < 7.0.0
  • , , , , , , , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'camptocamp-hiera_pass', '0.1.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add camptocamp-hiera_pass
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install camptocamp-hiera_pass --version 0.1.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

camptocamp/hiera_pass — version 0.1.0 Sep 26th 2019

Hiera data_hash for pass repository

This Puppet module provide two Hiera backends to look up keys in pass GnuPG password repositories.

Usage

Requirements

You need to install the ruby_gpg gem on your Puppet Master:

$ puppetserver gem install ruby_gpg

You also need to GnuPG key for your Puppet Master, allowed to decipher the passwords in your pass store.

Setup

Example set up with both data_hash and lookup_key backends:

---
version: 5
defaults:
  datadir: data
  data_hash: yaml_data
hierarchy:
  - name: "Pass data_hash"
    datadir: "/home/foo/.password-store"
    data_hash: pass_data
    # Will return the value of key in YAML from $datadir/$::project/*.gpg
    glob: "%{::project}/*.gpg"
  - name: "Pass lookup_key"
    datadir: "/home/foo/.password-store"
    lookup_key: pass_lookup_key
    # Will return the YAML content of $datadir/$::project/$key.gpg if it exists
    path: "%{::project}"
  - name: "Common"
    path: common.yaml

Usage

The pass_data Hiera backend works just like the yaml_data backend, except it uses GnuPG-encrypted YAML data (following the pass standard).

The pass_lookup_key Hiera backend uses the key as the file name to look for and returns the YAML hash parsed at that location if the file exists.